OTPulse

Hubitat Elevation Hubs

Act Now | CVSS 9.1 | ICS-CERT ICSA-26-022-06 | Jan 22, 2026
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability in Hubitat Elevation hubs (C3, C4, C5, C7, C8, C8 Pro) with firmware below 2.4.2.157 allows an authenticated attacker to escalate privileges and control devices outside their authorized scope. This affects the hub's access control mechanism (CWE-639). No firmware patch is currently available from Hubitat for any affected model.

What this means
What could happen
An authenticated user with limited access could escalate privileges and gain control over all devices in the Hubitat hub, potentially overriding intended access controls and disrupting automation across building systems.
Who's at risk
Building automation administrators and operators managing Hubitat Elevation hubs (C3, C4, C5, C7, C8, C8 Pro). Any organization using these hubs for lighting, climate control, locks, sensors, or other automation should be concerned if multiple user accounts exist or untrusted users have network access to the hub.
How it could be exploited
An attacker with valid user credentials (such as a tenant, contractor, or employee with limited access) logs into the Hubitat hub and exploits a privilege escalation flaw in the authentication mechanism to gain administrator-level permissions. They then control devices beyond their authorized scope.
Prerequisites
  • Valid Hubitat login credentials (any user account)
  • Network access to the Hubitat hub management interface
  • Physical or network access to the hub
Tags: Privilege escalation | No patch available | Affects access controls | Authentication bypass | Multi-user environments at risk
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (6) - all 6 EOL

Product             Affected Versions        Fix Status
Elevation C8 Pro    firmware < 2.4.2.157     No fix (EOL)
Elevation C7        firmware < 2.4.2.157     No fix (EOL)
Elevation C8        firmware < 2.4.2.157     No fix (EOL)
Elevation C3        firmware < 2.4.2.157     No fix (EOL)
Elevation C4        firmware < 2.4.2.157     No fix (EOL)
Elevation C5        firmware < 2.4.2.157     No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to the Hubitat hub management interface using firewall rules or VPN. Limit access to trusted internal networks or static IP addresses only.
  • HARDENING: Review and audit all user accounts on the Hubitat hub. Remove unused accounts and restrict permissions to the minimum necessary for each user's role.
  • HARDENING: Monitor user activity and device control logs on the Hubitat hub for unauthorized changes or unusual access patterns.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Monitor Hubitat vendor communications for security patches and update firmware immediately when a fix is released.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Elevation C8 Pro (firmware < 2.4.2.157), Elevation C7 (firmware < 2.4.2.157), Elevation C8 (firmware < 2.4.2.157), Elevation C3 (firmware < 2.4.2.157), Elevation C4 (firmware < 2.4.2.157), Elevation C5 (firmware < 2.4.2.157). Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate the Hubitat hub and controlled devices from untrusted networks and guest systems.