Hubitat CVE debriefs

CVE-2026-1201

CVE-2026-1201 is a critical authorization bypass issue in Hubitat Elevation home automation controllers. According to CISA’s advisory, a remote authenticated user could manipulate client-side requests to control connected devices outside their authorized scope in versions prior to 2.4.2.157.