PT-2026-20283 · Honeywell · Honeywell CCTV Products

Souvik Kandar · Published 2026-02-17 · Updated 2026-02-19 · CVE-2026-1670

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Honeywell CCTV products (affected versions not specified)

Description
The affected products are vulnerable to exposure of an unauthenticated API endpoint. This allows a remote attacker to change the recovery email address associated with the "forgot password" functionality. Successful exploitation could lead to account takeover and unauthorized access to Honeywell camera feeds. The systems are widely deployed in commercial and critical infrastructure environments, potentially compromising physical security visibility. The API endpoint allows manipulation of the password recovery flow without authentication.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-1670

Affected Products

Honeywell CCTV Products