ICSA-26-022-06 · Published 2026-01-22 · View on CISA ICS-CERT ↗

Hubitat Elevation Hubs

CVSS 9.1 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an authenticated attacker to escalate their privileges and control devices outside of their authorized scope.

CVEs (1)

CVE-2026-1201

Remediations

Hubitat has released the following for users to implement:
Firmware version 2.4.2.157

Affected Vendors

Hubitat

Affected Products (6)

Hubitat · Elevation C3 <firmware_2.4.2.157

Hubitat · Elevation C4 <firmware_2.4.2.157

Hubitat · Elevation C5 <firmware_2.4.2.157

Hubitat · Elevation C7 <firmware_2.4.2.157

Hubitat · Elevation C8 <firmware_2.4.2.157

Hubitat · Elevation C8 pro <firmware_2.4.2.157

Affected Sectors

Energy, Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more