LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-1670

CVE-2026-1670 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 17, 2026

Published: February 18, 2026Updated: February 17, 2026

Overview

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Social Media Activity(6 posts)

Offensive Sequence
Offensive Sequence
@offseq
Feb 18, 2026

⚠️ CRITICAL: Honeywell I-HIB2PI-UL 2MP IP (6.1.22.1216) has CVE-2026-1670 (CWE-306) — missing auth on API enables remote attackers to change recovery emails and take over accounts. Patch or segment now! https://radar.offseq.com/threat/cve-2026-1670-cwe-306-missing-authentication-for-c-7263f78b #OffSeq #Honeywell #Vuln #OTSecurity

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Feb 17, 2026

🔴 CVE-2026-1670 - Critical (9.8) The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1670/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Feb 17, 2026

🔴 CVE-2026-1670 - Critical (9.8) The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1670/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
Offensive Sequence
Offensive Sequence
@offseq
Feb 18, 2026

⚠️ CRITICAL: Honeywell I-HIB2PI-UL 2MP IP (6.1.22.1216) has CVE-2026-1670 (CWE-306) — missing auth on API enables remote attackers to change recovery emails and take over accounts. Patch or segment now! https://radar.offseq.com/threat/cve-2026-1670-cwe-306-missing-authentication-for-c-7263f78b #OffSeq #Honeywell #Vuln #OTSecurity

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Feb 17, 2026

🔴 CVE-2026-1670 - Critical (9.8) The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1670/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Feb 17, 2026

🔴 CVE-2026-1670 - Critical (9.8) The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1670/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-1670
Severity
Critical
CVSS Score
9.8
EPSS
0.0%
Social Posts
6

EPSS Score

0.0%Probability of exploitation in the next 30 days