NCSC-2026-0221

Vulnerability from csaf_ncscnl - Published: 2026-07-07 07:04 - Updated: 2026-07-07 07:04
Summary
Kwetsbaarheden verholpen in UniFi-producten van Ubiquiti Networks
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Ubiquiti Networks heeft kwetsbaarheden verholpen in verschillende UniFi-producten, waaronder UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application en UniFi Protect Application.
Interpretaties: De kwetsbaarheden betreffen meerdere UniFi-producten en omvatten command injection, SQL-injectie, improper input validation, improper access control, server-side request forgery (SSRF), path traversal, authenticatie-bypass en persistent privilege escalation. Aanvallers met netwerktoegang, soms met beperkte privileges en soms na authenticatie, kunnen hierdoor onder meer willekeurige commando's uitvoeren, privileges escaleren, bestanden lezen of wijzigen, authenticatie omzeilen, en Denial of Service (DoS) veroorzaken. Sommige kwetsbaarheden vereisen gebruikersinteractie, zoals het bezoeken van een kwaadaardige website, terwijl andere direct via netwerktoegang kunnen worden misbruikt. De kwetsbaarheden zijn aanwezig in applicaties en platformen die gebruikt worden voor netwerkbeheer, toegangscontrole, video surveillance en beveiligingsmonitoring binnen de UniFi-productlijn.
Oplossingen: Ubiquiti Networks heeft updates uitgebracht om de kwetsbaarheden in de UniFi-producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-284: Improper Access Control
CWE-665: Improper Initialization
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-942: Permissive Cross-domain Security Policy with Untrusted Domains

A vulnerability in the UniFi Connect Application allows a malicious actor with network access to perform command injection on the host device due to improper access control.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege attacker on the network can exploit authenticated SQL Injection vulnerabilities in the UniFi Talk Application to escalate privileges on the host device.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege network attacker can exploit an Improper Input Validation vulnerability in the UniFi Access Application to perform command injection on the host device.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

An Improper Access Control vulnerability in the UniFi Access Application allows a high-privilege network attacker to escalate privileges on the host device.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privileged attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in UniFi OS devices to escalate privileges and gain unauthorized access.

CWE-918 - Server-Side Request Forgery (SSRF)
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege network attacker can exploit an Improper Input Validation vulnerability in UniFi OS to perform command injection on the host device, potentially compromising system integrity.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A Path Traversal vulnerability in certain UniFi OS devices enables a malicious actor with network access to bypass authentication mechanisms, potentially compromising device security.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

Authenticated SQL Injection vulnerabilities in UniFi OS allow low-privilege network actors to escalate privileges on affected devices or instances.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A vulnerability in the UniFi Network Application allows a malicious actor with network access to cause a Denial of Service (DoS) attack via improper input validation.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A Path Traversal vulnerability in self-hosted UniFi Network Application instances enables a high-privilege malicious actor on the network to escalate write permissions on the host device.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication on specific API endpoints due to improper access control.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A vulnerability in the UniFi Protect Application enables a malicious actor with network access to bypass authentication and stream data without authorization.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A vulnerability in the UniFi Protect Application allows a malicious actor with network access to bypass authentication on UniFi Protect Cameras due to improper initialization, potentially compromising device security.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A CORS misconfiguration in UniFi OS allows attackers to exploit authenticated user sessions by luring users to malicious pages, enabling unauthorized actions.

CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A Path Traversal vulnerability in UniFi Protect Floodlight devices allows a malicious actor with network access to retrieve arbitrary files from the device, posing a significant security risk.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege attacker on the network can exploit an Improper Access Control vulnerability in UniFi OS with the UniFi Protect Application to escalate privileges on the host device.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A Server-Side Request Forgery (SSRF) vulnerability in the UniFi Talk Application allows attackers with network access to bypass authentication and execute Denial of Service (DoS) attacks on specific API endpoints.

CWE-918 - Server-Side Request Forgery (SSRF)
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

An Improper Access Control vulnerability in the UniFi Network Application allows a low-privileged malicious actor on the network to escalate their privileges.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege network attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in the UniFi Protect Application to escalate privileges on the host device.

CWE-918 - Server-Side Request Forgery (SSRF)
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A vulnerability in certain UniFi OS devices permits a malicious actor with network access to perform unauthorized configuration changes due to insufficient access control mechanisms.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A Path Traversal vulnerability in the UniFi Access Application allows a malicious actor with network access to retrieve arbitrary files from the host device, posing a significant security risk.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege attacker on the network can exploit an Improper Access Control vulnerability in the UniFi Network Application to escalate their privileges.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A low-privilege attacker can exploit an Improper Access Control vulnerability in the UniFi Talk Application to escalate privileges within the application.

Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

An authenticated SQL Injection vulnerability in the UniFi Protect Application allows a low-privilege network user to escalate privileges on the host device.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*

A vulnerability in the UniFi Network Application enables a malicious actor with network access to retain elevated privileges even after their access has been revoked.

CWE-863 - Incorrect Authorization
Affected products
Product Identifier Version Remediation
vers:unknown/*
Ubiquiti Inc / Cloud Gateways
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Cloud Keys
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Machines
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Routers
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Dream Wall
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Firewall Core
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Fortress Gateway
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Enterprise Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Express 7
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Attached Storage
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / Network Video Recorders
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Access Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Connect Application
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi OS Server
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Protect Floodlight
vers:unknown/*
vers:unknown/*
Ubiquiti Inc / UniFi Talk Application
vers:unknown/*
References
URL Category
https://community.ui.com/releases/Security-Adviso… external
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… self

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Ubiquiti Networks heeft kwetsbaarheden verholpen in verschillende UniFi-producten, waaronder UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application en UniFi Protect Application.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden betreffen meerdere UniFi-producten en omvatten command injection, SQL-injectie, improper input validation, improper access control, server-side request forgery (SSRF), path traversal, authenticatie-bypass en persistent privilege escalation. Aanvallers met netwerktoegang, soms met beperkte privileges en soms na authenticatie, kunnen hierdoor onder meer willekeurige commando\u0027s uitvoeren, privileges escaleren, bestanden lezen of wijzigen, authenticatie omzeilen, en Denial of Service (DoS) veroorzaken. Sommige kwetsbaarheden vereisen gebruikersinteractie, zoals het bezoeken van een kwaadaardige website, terwijl andere direct via netwerktoegang kunnen worden misbruikt. De kwetsbaarheden zijn aanwezig in applicaties en platformen die gebruikt worden voor netwerkbeheer, toegangscontrole, video surveillance en beveiligingsmonitoring binnen de UniFi-productlijn.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Ubiquiti Networks heeft updates uitgebracht om de kwetsbaarheden in de UniFi-producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
        "title": "CWE-89"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Initialization",
        "title": "CWE-665"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "Permissive Cross-domain Security Policy with Untrusted Domains",
        "title": "CWE-942"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
      }
    ],
    "title": "Kwetsbaarheden verholpen in UniFi-producten van Ubiquiti Networks",
    "tracking": {
      "current_release_date": "2026-07-07T07:04:45.729162Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0221",
      "initial_release_date": "2026-07-07T07:04:45.729162Z",
      "revision_history": [
        {
          "date": "2026-07-07T07:04:45.729162Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Cloud Gateways"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Cloud Keys"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Dream Machines"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Dream Routers"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Dream Wall"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Firewall Core"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Fortress Gateway"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Video Recorders"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Express 7"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Network Attached Storage"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Network Video Recorders"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "UniFi Access Application"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "UniFi Connect Application"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "UniFi OS Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "UniFi Protect Floodlight"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "UniFi Talk Application"
          }
        ],
        "category": "vendor",
        "name": "Ubiquiti Inc"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-50746",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the UniFi Connect Application allows a malicious actor with network access to perform command injection on the host device due to improper access control.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-50746 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50746.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-50746"
    },
    {
      "cve": "CVE-2026-50747",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        },
        {
          "category": "description",
          "text": "A low-privilege attacker on the network can exploit authenticated SQL Injection vulnerabilities in the UniFi Talk Application to escalate privileges on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-50747 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50747.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-50747"
    },
    {
      "cve": "CVE-2026-50748",
      "notes": [
        {
          "category": "description",
          "text": "A low-privilege network attacker can exploit an Improper Input Validation vulnerability in the UniFi Access Application to perform command injection on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-50748 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50748.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-50748"
    },
    {
      "cve": "CVE-2026-54400",
      "notes": [
        {
          "category": "description",
          "text": "An Improper Access Control vulnerability in the UniFi Access Application allows a high-privilege network attacker to escalate privileges on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54400 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54400.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54400"
    },
    {
      "cve": "CVE-2026-54401",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "A low-privileged attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in UniFi OS devices to escalate privileges and gain unauthorized access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54401 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54401.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54401"
    },
    {
      "cve": "CVE-2026-54402",
      "notes": [
        {
          "category": "description",
          "text": "A low-privilege network attacker can exploit an Improper Input Validation vulnerability in UniFi OS to perform command injection on the host device, potentially compromising system integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54402 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54402.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54402"
    },
    {
      "cve": "CVE-2026-54403",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A Path Traversal vulnerability in certain UniFi OS devices enables a malicious actor with network access to bypass authentication mechanisms, potentially compromising device security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54403 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54403.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54403"
    },
    {
      "cve": "CVE-2026-54404",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        },
        {
          "category": "description",
          "text": "Authenticated SQL Injection vulnerabilities in UniFi OS allow low-privilege network actors to escalate privileges on affected devices or instances.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54404 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54404.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54404"
    },
    {
      "cve": "CVE-2026-54405",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the UniFi Network Application allows a malicious actor with network access to cause a Denial of Service (DoS) attack via improper input validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54405 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54405.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54405"
    },
    {
      "cve": "CVE-2026-54406",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A Path Traversal vulnerability in self-hosted UniFi Network Application instances enables a high-privilege malicious actor on the network to escalate write permissions on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54406 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54406.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54406"
    },
    {
      "cve": "CVE-2026-54407",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication on specific API endpoints due to improper access control.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54407 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54407.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54407"
    },
    {
      "cve": "CVE-2026-54408",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the UniFi Protect Application enables a malicious actor with network access to bypass authentication and stream data without authorization.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54408 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54408.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54408"
    },
    {
      "cve": "CVE-2026-54409",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in the UniFi Protect Application allows a malicious actor with network access to bypass authentication on UniFi Protect Cameras due to improper initialization, potentially compromising device security.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-54409 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54409.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-54409"
    },
    {
      "cve": "CVE-2026-55110",
      "cwe": {
        "id": "CWE-942",
        "name": "Permissive Cross-domain Security Policy with Untrusted Domains"
      },
      "notes": [
        {
          "category": "other",
          "text": "Permissive Cross-domain Security Policy with Untrusted Domains",
          "title": "CWE-942"
        },
        {
          "category": "description",
          "text": "A CORS misconfiguration in UniFi OS allows attackers to exploit authenticated user sessions by luring users to malicious pages, enabling unauthorized actions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55110 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55110.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55110"
    },
    {
      "cve": "CVE-2026-55111",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A Path Traversal vulnerability in UniFi Protect Floodlight devices allows a malicious actor with network access to retrieve arbitrary files from the device, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55111 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55111.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55111"
    },
    {
      "cve": "CVE-2026-55112",
      "notes": [
        {
          "category": "description",
          "text": "A low-privilege attacker on the network can exploit an Improper Access Control vulnerability in UniFi OS with the UniFi Protect Application to escalate privileges on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55112 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55112.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55112"
    },
    {
      "cve": "CVE-2026-55113",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "A Server-Side Request Forgery (SSRF) vulnerability in the UniFi Talk Application allows attackers with network access to bypass authentication and execute Denial of Service (DoS) attacks on specific API endpoints.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55113 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55113.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55113"
    },
    {
      "cve": "CVE-2026-55114",
      "notes": [
        {
          "category": "description",
          "text": "An Improper Access Control vulnerability in the UniFi Network Application allows a low-privileged malicious actor on the network to escalate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55114 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55114.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55114"
    },
    {
      "cve": "CVE-2026-55115",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "A low-privilege network attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in the UniFi Protect Application to escalate privileges on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55115"
    },
    {
      "cve": "CVE-2026-55116",
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in certain UniFi OS devices permits a malicious actor with network access to perform unauthorized configuration changes due to insufficient access control mechanisms.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55116 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55116.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55116"
    },
    {
      "cve": "CVE-2026-55117",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A Path Traversal vulnerability in the UniFi Access Application allows a malicious actor with network access to retrieve arbitrary files from the host device, posing a significant security risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55117 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55117.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55117"
    },
    {
      "cve": "CVE-2026-55118",
      "notes": [
        {
          "category": "description",
          "text": "A low-privilege attacker on the network can exploit an Improper Access Control vulnerability in the UniFi Network Application to escalate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55118 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55118.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55118"
    },
    {
      "cve": "CVE-2026-55119",
      "notes": [
        {
          "category": "description",
          "text": "A low-privilege attacker can exploit an Improper Access Control vulnerability in the UniFi Talk Application to escalate privileges within the application.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-55119 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55119.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-55119"
    },
    {
      "cve": "CVE-2026-56841",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
          "title": "CWE-89"
        },
        {
          "category": "description",
          "text": "An authenticated SQL Injection vulnerability in the UniFi Protect Application allows a low-privilege network user to escalate privileges on the host device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-56841 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56841.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-56841"
    },
    {
      "cve": "CVE-2026-56842",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "description",
          "text": "A vulnerability in the UniFi Network Application enables a malicious actor with network access to retain elevated privileges even after their access has been revoked.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-56842 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56842.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16"
          ]
        }
      ],
      "title": "CVE-2026-56842"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…