CISA Warns of Critical Security Vulnerability in Honeywell Cameras

CISA has warned that a critical security vulnerability (CVE-2026-1670) has been identified in four Honeywell CCTV camera models. 

“Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise,” the advisory said.

The flaw is classified as “missing authentication for critical function” and has been given a CVSS severity score of 9.8.

According to CISA, the vulnerability stems from an unauthenticated API endpoint that lets bad actors remotely change the “forgot password” recovery email address associated with a camera account.

CISA advises users to take proactive steps to reduce the likelihood of exploitation of this vulnerability. Firstly, by minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Next, by placing control system networks and remote devices behind firewalls and ...