Hubitat · Hubitat Elevation · CVE-2026-1201
**Name of the Vulnerable Software and Affected Versions**
Hubitat Elevation versions prior to 2.4.2.157
**Description**
A flaw exists in Hubitat Elevation home automation controllers that allows a remote authenticated user to control connected devices outside of their authorized scope. This is possible through manipulation of client-side requests. The issue involves an authorization bypass through user-controlled key manipulation.
**Recommendations**
Update to version 2.4.2.157 or later.