{"uuid": "ebad18a5-251f-49a4-b877-c63995fd13a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Unifi - Security Advisory Bulletin 066", "description": "Reference: https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc \n\nOverview\n\nPublished: July 2, 2026\n\nVersion: 1.0\n\nRevision: 1.0\n\n \n\nSummary 1 of 25\n\n \n\nA malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.\n\n \n\nAffected Products:\n\nUniFi Connect Application (Version 3.4.16 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Connect Application to Version 3.4.20 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 10.0 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\nCVE:  CVE-2026-50746 (Duc Anh Nguyen (@heckintosh_))\n\n \n\n \n\nSummary 2 of 25\n\n  \n\nA malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.\n\n \n\nAffected Products:\n\nUniFi Talk Application (Version 5.1.2 and earlier)\n\nMitigation:\n\nUpdate your UniFi Talk Application to Version 5.2.2 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 9.9 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\n\nCVE: CVE-2026-50747 (Abdulaziz Almadhi | Catchify Security)\n\n \n\n \n\nSummary 3 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device.\n\n \n\nAffected Products:\n\nUniFi Access Application (Version 4.2.28 and earlier)\n\nMitigation:\n\nUpdate your UniFi Access Application to Version 4.2.29 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 9.9 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\n\nCVE: CVE-2026-50748 (Abdulaziz Almadhi | Catchify Security)\n\n \n\n \n\nSummary 4 of 25\n\n  \n\nA malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.\n\n \n\nAffected Products:\n\nUniFi Access Application (Version 4.2.28 and earlier)\n\nMitigation:\n\nUpdate your UniFi Access Application to Version 4.2.29 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 9.1 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\n\nCVE: CVE-2026-54400 (Abdulaziz Almadhi | Catchify Security)\n\n \n\n \n\nSummary 5 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.\n\n \n\nAffected Products:\n\nUniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nUNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)\n\nEF-Core (Version 5.1.18 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.\n\nUpdate your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.19 or later.\n\nUpdate your EF-Core to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.7 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\n\nCVE: CVE-2026-54401 (Kerolos Sameh | oathnet.org)\n\n \n\n \n\nSummary 6 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.\n\nAffected Products:\n\nUniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nUNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)\n\nEF-Core (Version 5.1.18 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.\n\nUpdate your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.19 or later.\n\nUpdate your EF-Core to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 9.9 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\n\nCVE: CVE-2026-54402 (arqblasta)\n\n \n\n \n\nSummary 7 of 25\n\n \n\nA malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.\n\nAffected Products:\n\nUniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nUNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)\n\nEF-Core (Version 5.1.18 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.\n\nUpdate your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.19 or later.\n\nUpdate your EF-Core to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.6 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\n\nCVE:  CVE-2026-54403 (Griffin Francis &amp; Adrian Wood)\n\n \n\nNote: This CVE can be chained with other vulnerabilities to eliminate the requirement for low-privileged access.\n\n \n\n \n\nSummary 8 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.\n\n \n\nAffected Products:\n\nUniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nUNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)\n\nEF-Core (Version 5.1.18 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.15 or later.\n\nUpdate your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.16 or later.\n\nUpdate your EF-Core to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.8 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-54404 (Garett Kopcha (0x5t))\n\n \n\n \n\nSummary 9 of 25\n\n \n\nA malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.\n\n \n\nAffected Products:\n\nUniFi Network Application (Version 10.3.58 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Network Application to Version 10.4.57 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\nCVE: CVE-2026-54405 (Dries from UniHosted)\n\n \n\nSummary 10 of 25\n\n \n\nA malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.\n\n \n\nAffected Products:\n\nUniFi Network Application (Version 10.3.58 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Network Application to Version 10.4.57 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.7 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H\n\nCVE:  CVE-2026-54406 (Garett Kopcha (0x5t))\n\n \n\n \n\nSummary 11 of 25\n\n \n\nA malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.\n\n \n\nAffected Products:\n\nUniFi Protect Application (Version 7.1.77 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Protect Application to Version 7.1.83 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.6 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\n\nCVE:  CVE-2026-54407 (Abdulaziz Almadhi / Catchify Security Team)\n\n \n\n \n\nSummary 12 of 25\n\n \n\nA malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.\n\n \n\nAffected Products:\n\nUniFi Protect Application (Version 7.1.77 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Protect Application to Version 7.1.83 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.6 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L\n\nCVE: CVE-2026-54408 (Brandon Rossi)\n\n \n\n \n\nSummary 13 of 25\n\n \n\nA malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.\n\n \n\nAffected Products:\n\nUniFi Protect Application (Version 7.1.77 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Protect Application to Version 7.1.83 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-54409 (Micha\u0142 Suda (klumz33))\n\n \n\n \n\nSummary 14 of 25\n\n \n\nA malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. \n\n \n\nAffected Products:\n\nUniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nUNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)\n\nEF-Core (Version 5.1.18 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.15 or later.\n\nUpdate your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.16 or later.\n\nUpdate your EF-Core to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-55110 (Andy Gill, ZephrSec Ltd)\n\n \n\n \n\nSummary 15 of 25\n\n \n\nA malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.\n\n \n\nAffected Products:\n\nUniFi Protect Floodlight(Version 1.13.4 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Protect Floodlight to Version 1.13.6 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n\nCVE: CVE-2026-55111 (Logan Fernandez (enzyme0))\n\n \n\n \n\nSummary 16 of 25\n\n \n\nA malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.\n\n \n\nAffected Products:\n\nUDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, UDW, UDR, UDR7, UDR-5G, UCKP, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nMitigation:\n\nUpdate your UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, UDW, UDR, UDR7, UDR-5G, UCKP, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-55112 (Brandon Rossi)\n\n \n\n \n\nSummary 17 of 25\n\n \n\nA malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.\n\n \n\nAffected Products:\n\nUniFi Talk Application (Version 5.1.2 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Talk Application to Version 5.2.2 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H\n\nCVE: CVE-2026-55113 (Duc Anh Nguyen (@heckintosh_))\n\n \n\n \n\nSummary 18 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.\n\n \n\nAffected Products:\n\nUniFi Network Application (Version 10.3.58 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Network Application to Version 10.4.57 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.8 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-55114 (Corbett3000)\n\n \n\n \n\nSummary 19 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.\n\n \n\nAffected Products:\n\nUniFi Protect Application (Version 7.1.77 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Protect Application to Version 7.1.83 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 9.9 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\n\nCVE: CVE-2026-55115 (Brandon Rossi)\n\n \n\n \n\nSummary 20 of 25\n\n \n\nA malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.\n\n \n\nAffected Products:\n\nUDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)\n\nEF-Core (Version 5.1.18 and earlier)\n\n \n\nMitigation:\n\nUpdate your UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, EF-Core, UDW, UDR, UDR7, UDR-5G, Express 7, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 9.0 Critical\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\n\nCVE: CVE-2026-55116 (Joseph Semaan)\n\n \n\n \n\nSummary 21 of 25\n\n \n\nA malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.\n\nAffected Products:\n\nUniFi Access Application (Version 4.2.28 and earlier)\n\nMitigation:\n\nUpdate your UniFi Access Application to Version 4.2.29 or later.\n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.6 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\n\nCVE: CVE-2026-55117 (Brandon Rossi)\n\n  \n\n \n\nSummary 22 of 25\n\n \n\nA malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.\n\n \n\nAffected Products:\n\nUniFi Network Application (Version 10.3.58 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Network Application to Version 10.4.57 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.3 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\n\nCVE: CVE-2026-55118 (bs0xx)\n\n \n\n \n\nSummary 23 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.\n\n \n\nAffected Products:\n\nUniFi Talk Application (Version 5.1.2 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Talk Application to Version 5.2.2 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.1 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\n\nCVE: CVE-2026-55119 (Abdulaziz Almadhi | Catchify Security)\n\n \n\n \n\nSummary 24 of 25\n\n \n\nA malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.\n\n \n\nAffected Products:\n\nUniFi Protect Application (Version 7.1.77 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Protect Application to Version 7.1.83 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 8.8 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-56841 (Abdulaziz Almadhi | Catchify Security)\n\n \n\n \n\nSummary 25 of 25\n\n \n\nA malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.\n\n \n\nAffected Products:\n\nUniFi Network Application (Version 10.3.58 and earlier)\n\n \n\nMitigation:\n\nUpdate your UniFi Network Application to Version 10.4.57 or later.\n\n \n\nImpact:\n\nCVSS v3.0 Severity and Metrics:\n\nBase Score: 7.5 High\n\nVector: \n\nCVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nCVE: CVE-2026-56842 (BugBunny.ai)\n\n \n\n \n\nReference Links:\n\nhttps://community.ui.com/releases/UniFi-Connect-Application-3-24-20/3e2cd403-d021-4d40-8e33-0007e9683d62\n\nhttps://community.ui.com/releases/UniFi-Talk-Application-5-2-2/f27dcd51-f51b-4bc9-9a7f-ecbb215ceeb1\n\nhttps://community.ui.com/releases/UniFi-Access-Application-4-2-29/63eac165-b7d4-4c43-8091-55ade3ec73c1\n\nhttps://community.ui.com/releases/UniFi-Network-Application-10-4-57/92694b29-fd78-4d52-906a-3211136610e2\n\nhttps://community.ui.com/releases/UniFi-Protect-Application-7-1-83/70e6c6a6-cd7f-43e6-87fc-4d70f0a1d9c6\n\nhttps://community.ui.com/releases/UniFi-Protect-Floodlight-1-13-6/ff9550e4-5e40-473d-95f0-047de07e87dd\n\nhttps://community.ui.com/releases/UniFi-OS-Dream-Machines-5-1-19/32c35941-c2b6-4fa2-9e63-09470bfb85f6\n\nhttps://community.ui.com/releases/UniFi-OS-Enterprise-Firewall-Core-5-1-19/21263def-e96c-47e6-9a75-96293fcb84e0\n\nhttps://community.ui.com/releases/UniFi-OS-Enterprise-Fortress-Gateway-5-1-19/45d861a0-fd93-43ee-841e-033423b112a2\n\nhttps://community.ui.com/releases/UniFi-OS-Enterprise-Network-Video-Recorders-5-1-19/ca291ead-bc98-4e8b-bc85-4ec03de3f77d\n\nhttps://community.ui.com/releases/UniFi-OS-Network-Video-Recorders-5-1-19/0728e007-aedd-4664-a3a1-38661b36f9bb\n\nhttps://community.ui.com/releases/UniFi-OS-Cloud-Gateways-5-1-19/233f8d0a-9973-4e01-a51e-30713939b240\n\nhttps://community.ui.com/releases/UniFi-OS-Cloud-Keys-5-1-19/44aabe56-c674-47f7-85f4-d483bb7c5bfe\n\nhttps://community.ui.com/releases/UniFi-OS-Dream-Wall-5-1-19/c33cde37-ac2e-4015-bcb6-39567448fc35\n\nhttps://community.ui.com/releases/UniFi-OS-Network-Attached-Storage-5-1-19/553addc7-4444-4eed-b46f-b2ee1f5f2285\n\nhttps://community.ui.com/releases/UniFi-OS-Dream-Routers-5-1-19/b9ae8a01-9415-496a-92b2-70aa784de65d\n\nhttps://community.ui.com/releases/UniFi-OS-Express-7-5-1-19/71fbc82e-da12-43df-82a7-6cd5a316e867\n\nhttps://community.ui.com/releases/UniFi-OS-Server-5-1-19/05db58f8-3306-48dc-bbd8-6cb681046a6d", "creation_timestamp": "2026-07-08T11:01:21.497466+00:00", "timestamp": "2026-07-08T11:01:21.497466+00:00", "related_vulnerabilities": ["CVE-2026-55113", "CVE-2026-55117", "CVE-2026-50747", "CVE-2026-56842", "CVE-2026-54409", "CVE-2026-55114", "CVE-2026-54401", "CVE-2026-55112", "CVE-2026-55116", "CVE-2026-54404", "CVE-2026-54402", "CVE-2026-54405", "CVE-2026-55110", "CVE-2026-55118", "CVE-2026-55119", "CVE-2026-54406", "CVE-2026-50746", "CVE-2026-54403", "CVE-2026-54400", "CVE-2026-54408", "CVE-2026-50748", "CVE-2026-55111", "CVE-2026-55115", "CVE-2026-54407", "CVE-2026-56841"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}
