CVE-2026-1201

Vulnerability Description

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.

Vulnerability Details

Published Date

January 22, 2026

Last Modified

January 29, 2026

CWE ID

CWE-639

Source

NVD

External References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-06

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment