Auth bypass in Honeywell CCTV risks unauthorized feeds and account takeover

February 19, 2026 at 07:43 AM

•

1 min read

Auth bypass in Honeywell CCTV risks unauthorized feeds and account takeover — Photo: BleepingComputer

TL;DR Summary

CISA warns of a critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV models that allows an unauthenticated attacker to change the recovery email on a device account, enabling account takeover and unauthorized access to camera feeds; as of Feb 17 there were no known public exploits; mitigations include limiting network exposure, isolating devices behind firewalls, and using secure VPN remote access; Honeywell has not issued a public advisory and users should contact support for patch guidance.

Topics:technology #authentication-bypass #cctv #cisa #cve-2026-1670 #honeywell #security

Share this article

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw BleepingComputer

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

89%

676 → 75 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights