On February 17, 2026, a critical advisory warning was released under advisory ICSA-26-048-04 about a serious vulnerability affecting Honeywell CCTV products This article explores vulnerability cve 2026. . A high-severity security vulnerability that could enable malevolent actors to fully take over user accounts and obtain unauthorized access to private camera feeds is described in the alert. With a CVSS v3 score of 9.8, the vulnerability is classified as critical.

A critical function is impacted by the specific vulnerability, CVE-2026-1670, which is a missing authentication issue. The vulnerability makes it possible for an unauthenticated attacker to change the device's password recovery email address without needing previous login information. Description of CVE ID CVSS Score: CVE-2026-1670 9.8 Unauthenticated recovery email changes are made possible by the Critical Function's missing authentication.

The attacker can reset the password to gain access to the administrative account after changing the recovery email to an address under their control. In addition to jeopardizing the video feeds, this degree of access may also be a key point for additional network intrusions within the building. Several Honeywell IP and PTZ camera models are impacted by the problem.

Affected Product Name: I-HIB2PI-UL 2MP IP 6.1.22.1216 SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0 IPC WDR_2MP_32M_PTZ_v2.0 PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0 25M This vulnerability was found and reported to CISA by security researcher Souvik Kandar. The impacted equipment is used all over the world, mostly in the commercial facilities industry.

As of publication, CISA has not discovered any known instances of this vulnerability being exploited by the public. However, given the ease of exploitation, prompt action is advised. For all control system devices, administrators are encouraged to reduce network exposure by making sure they are never directly reachable from the public Internet.

To stop lateral movement, control system networks should be situated behind firewalls and kept separate from business networks. CISA advises businesses that need remote access to use secure techniques like Virtual Private Networks (VPNs), making sure the VPN devices are up to date. Because attackers frequently use phishing to obtain initial access before taking advantage of internal vulnerabilities, users are also urged to put social engineering defenses into place. X, LinkedIn, and LinkedIn for daily ZeroOwl.

To have your stories featured, get in touch with us.