{"id":215308,"date":"2026-02-19T07:04:00","date_gmt":"2026-02-19T12:04:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs\/"},"modified":"2026-02-19T11:10:21","modified_gmt":"2026-02-19T16:10:21","slug":"cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs\/","title":{"rendered":"CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/188234\/security\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs.html\">CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/188234\/security\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs.html\">https:\/\/securityaffairs.com\/188234\/security\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-19 07:04:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> February 19, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/02\/image-47.png?fit=610%2C431&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking.<\/h2>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging in. This vulnerability enables account takeovers and unauthorized access to camera feeds by exploiting an unauthenticated API endpoint for password recovery.<\/p>\n<p>\u201cSuccessful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise.\u201d reads the alert published by CISA.<\/p>\n<p>The vulnerability was discovered by cybersecurity researcher Souvik Kandar.<\/p>\n<p>The vulnerability impacts the following Honeywell CCTVs models:<\/p>\n<ul class=\"wp-block-list\">\n<li>I-HIB2PI-UL 2MP IP 6.1.22.1216 (CVE-2026-1670)<\/li>\n<li>SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)<\/li>\n<li>PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)<\/li>\n<li>25M IPC WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)<\/li>\n<\/ul>\n<p>A critical auth bypass flaw in Honeywell CCTV models could allow attackers to take over accounts, granting unauthorized access to live feeds. Many of these cameras are used in critical infrastructure, corporate sites, and government facilities worldwide. The flaw can be exploited remotely, risking sensitive surveillance data and enabling attackers to move laterally within networks, making it a severe threat to security, privacy, and operational integrity.<\/p>\n<p>CISA advises organizations to reduce risk from this Honeywell CCTV flaw by isolating control system devices from the Internet, using firewalls, and placing remote&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/188234\/security\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs https:\/\/securityaffairs.com\/188234\/security\/cisa-alerts-to-critical-auth-bypass-cve-2026-1670-in-honeywell-cctvs.html Publish Date: 2026-02-19 07:04:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215309,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/02\/image-47.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-215308","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215308"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215308"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215308\/revisions"}],"predecessor-version":[{"id":215310,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215308\/revisions\/215310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215309"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}