How severe is CVE-2026-1670?

CVE-2026-1670 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2026-1670

9.8CRITICAL

Publicado: 2/17/2026Actualizado: 2/17/2026

Descripción

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Análisis IAImpulsado por IA

Referencias

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-04.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-048-04
https://www.honeywell.com/us/en/contact/support