Hubitat Elevation Hubs

Status: Plan Patch
CVSS: 9.1
ICS-CERT: ICSA-26-022-06
Date: Jan 22, 2026
Attack path
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A privilege escalation vulnerability in Hubitat Elevation hubs (all current models) allows an authenticated attacker to escalate privileges and control devices outside their authorized scope. The vulnerability affects firmware versions before 2.4.2.157. No firmware patch is planned, and the vendor recommends defensive measures such as network access restrictions and account management.

What this means
What could happen
An authenticated attacker with limited privileges on a Hubitat hub could escalate their access to full control, potentially allowing them to interact with and manipulate all connected smart home and building automation devices beyond their authorized scope.
Who's at risk
Building automation and smart home operators using Hubitat Elevation hubs (C3, C4, C5, C7, C8, or C8 Pro models). This affects facility managers, integrators, and residential users who control HVAC systems, access control, lighting, and other connected devices through Hubitat.
How it could be exploited
An attacker with valid credentials (e.g., a limited user account or guest access) on a Hubitat Elevation hub could exploit this privilege escalation vulnerability to gain administrator-level access. Once escalated, the attacker could control all connected devices including locks, thermostats, sensors, and lighting systems regardless of original access restrictions.
Prerequisites
  • Valid user account on the Hubitat Elevation hub (any privilege level)
  • Network access to the Hubitat hub interface (local network or remote if exposed)
  • Elevated privileges (initial compromised account must already exist)
Key points
  • No patch available
  • Privilege escalation allows unauthorized device control
  • Affects building automation and physical safety systems
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (6)
6 EOL
Product            Affected Versions       Fix Status
Elevation C8 Pro   firmware < 2.4.2.157    No fix (EOL)
Elevation C7       firmware < 2.4.2.157    No fix (EOL)
Elevation C8       firmware < 2.4.2.157    No fix (EOL)
Elevation C3       firmware < 2.4.2.157    No fix (EOL)
Elevation C4       firmware < 2.4.2.157    No fix (EOL)
Elevation C5       firmware < 2.4.2.157    No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the Hubitat hub management interface to trusted devices and users only
HARDENING: Audit and remove unnecessary user accounts from the Hubitat hub
HARDENING: Reset all user account passwords to strong, unique credentials
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Elevation C8 Pro, C7, C8, C3, C4 and C5 (all running firmware < 2.4.2.157). Apply the following compensating controls:
HARDENING: Segment the Hubitat hub on a separate network zone isolated from critical building control systems

Hubitat Elevation Hubs | CVSS 9.1 - OTPulse