Hubitat Elevation Home Automation Controllers Authorization Bypass Vulnerability

Vulnerability

A vulnerability allowing authorization bypass through user-controlled keys has been identified in Hubitat Elevation home automation controllers, affecting versions prior to 2.4.2.157. This vulnerability could enable a remote authenticated user to manipulate client-side requests and control connected devices beyond their authorized limits.

Impact

Exploitation of this vulnerability could allow an authenticated user to escalate privileges and gain control over devices outside of their authorized scope.

Added: Jan 22, 2026, 10:25 PM

Updated: Jan 22, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.1

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.1

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hubitat Elevation Home Automation Controllers Authorization Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating