Hubitat Elevation CVE-2026-1201
Lifecycle Timeline
2DescriptionCVE.org
An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.
AnalysisAI
An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controller versions up to 2.4.2.157 is affected by authorization bypass through user-controlled key.
Technical ContextAI
This vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) affects An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controller. An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.
Affected ProductsAI
Product: An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controller. Versions: up to 2.4.2.157.
RemediationAI
Monitor vendor advisories for a patch.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today