The Invisible Skeleton Key: Critical CVSS 9.8 Flaw in Honeywell Cameras Allows Full Admin Takeover
A critical vulnerability has been disclosed in widely deployed Honeywell surveillance cameras. It allows unauthenticated attackers to view live video feeds or take over the device’s administrative account outright. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a formal advisory for the flaw.
Cataloged as CVE-2026-1670 with a near-maximum CVSS score of 9.8, the vulnerability is classified as missing authentication for a critical function. The attack bypasses the normal login entirely: through an exposed application programming interface (API), an adversary can remotely change the email address designated for password recovery. Triggering the “forgot password” flow then delivers the reset to an address the attacker controls, which is enough to hijack the account and commandeer the camera’s video stream.
CISA stated that the vulnerability stems from an unauthenticated API that permits unauthorized modification of recovery parameters. The defect affects several models, including the I-HIB2PI-UL 2MP IP camera (version 6.1.22.1216), as well as devices in the SMB NDAA, PTZ WDR 2MP, and 25M IPC series.
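The defect class described above (an account-recovery setting that can be changed without authentication, then abused through the password-reset flow) is easier to reason about in code. The following is an added illustration written for this article, not Honeywell’s firmware or any real camera API: the `Device` model, handler names, passwords and email addresses are all constructed. It places the unauthenticated handler next to a hardened one that requires a valid session, re-entry of the current password, and an audit record before the recovery address can change.

```python
"""Added example (not Honeywell's code): a minimal account-recovery API that
illustrates the missing-authentication pattern in the advisory. Handler
names, the device model and every value below are hypothetical/constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Device:
    """In-memory state of a hypothetical camera's admin account."""
    admin_password_hash: bytes
    recovery_email: str
    sessions: set = field(default_factory=set)    # valid session tokens
    audit_log: list = field(default_factory=list)  # (action, reason, value) tuples


def _hash(password: str) -> bytes:
    # Fixed salt keeps the example deterministic; real code uses a per-account random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 50_000)


def make_device(password: str, recovery_email: str) -> Device:
    return Device(_hash(password), recovery_email)


def login(device: Device, password: str) -> Optional[str]:
    """Return a session token on a correct password, else None."""
    if hmac.compare_digest(_hash(password), device.admin_password_hash):
        token = secrets.token_hex(16)
        device.sessions.add(token)
        return token
    return None


def set_recovery_email_vulnerable(device: Device, request: dict) -> bool:
    """Missing authentication for a critical function: any caller can repoint
    the recovery address, so a later 'forgot password' request delivers the
    reset to an address the caller controls."""
    device.recovery_email = request["new_email"]
    return True


def set_recovery_email_hardened(device: Device, request: dict) -> bool:
    """The same function with the checks the advisory's defect lacks: a valid
    session AND re-entry of the current password, plus an audit record."""
    token = request.get("session")
    if token not in device.sessions:
        device.audit_log.append(("DENY", "no valid session", request.get("new_email")))
        return False
    if not hmac.compare_digest(_hash(request.get("current_password", "")),
                               device.admin_password_hash):
        device.audit_log.append(("DENY", "re-authentication failed", request.get("new_email")))
        return False
    device.recovery_email = request["new_email"]
    device.audit_log.append(("CHANGE", "recovery_email", request["new_email"]))
    return True


def forgot_password(device: Device) -> Tuple[str, str]:
    """Return the (address, reset token) the device would e-mail; whoever
    controls that address controls the account."""
    return device.recovery_email, secrets.token_urlsafe(24)


def demo() -> dict:
    """Send one unauthenticated change request to each handler and report
    where a subsequent password reset would be delivered."""
    unauth = {"new_email": "attacker@example.invalid"}  # no session, no password
    vuln = make_device("correct horse", "owner@example.invalid")
    set_recovery_email_vulnerable(vuln, unauth)
    hard = make_device("correct horse", "owner@example.invalid")
    set_recovery_email_hardened(hard, unauth)
    return {"vulnerable": forgot_password(vuln)[0], "hardened": forgot_password(hard)[0]}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the reset for the vulnerable device going to the constructed attacker address while the hardened device still mails its owner; the hardened handler also leaves a `DENY` entry in `audit_log`, which is the kind of event a detection rule for this class of flaw should key on.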
Honeywell is a major vendor in the global security and surveillance market, with its hardware deployed extensively across corporate offices, industrial warehouses, and critical infrastructure sites. While the advisory specifically covers mid-tier models commonly used by small and medium-sized businesses, these devices are frequently integrated into environments with strict security requirements.
At present there are no documented instances of this vulnerability being exploited in the wild. Nevertheless, specialists strongly recommend keeping such devices off the public internet, isolating them behind firewalls, and using encrypted remote-access protocols. As Honeywell has yet to publish a dedicated bulletin for CVE-2026-1670, owners of the affected hardware are urged to contact Honeywell support for further guidance and firmware remediation.