Latest Ubiquiti UniFi Protect vulnerabilities #

Ubiquiti disclosed multiple vulnerabilities affecting certain versions of the UniFi Protect Application:

  • CVE-2026-54407: An improper access control vulnerability that allows a remote, unauthenticated attacker to bypass authentication on specific UniFi Protect Application API endpoints. The vulnerability has been designated CVE-2026-54407 and has been rated high with a CVSS score of 8.6.
  • CVE-2026-54408: An improper access control vulnerability that allows a remote, unauthenticated attacker to bypass data streaming authentication. The vulnerability has been designated CVE-2026-54408 and has been rated high with a CVSS score of 8.6.
  • CVE-2026-54409: An improper initialization vulnerability that allows a remote, unauthenticated attacker to bypass authentication on UniFi Protect cameras under certain conditions. The vulnerability has been designated CVE-2026-54409 and has been rated high with a CVSS score of 7.5.
  • CVE-2026-55115: A Server-Side Request Forgery (SSRF) vulnerability that allows a remote, low-privileged attacker to escalate privileges on the host device. The vulnerability has been designated CVE-2026-55115 and has been rated critical with a CVSS score of 9.9.
  • CVE-2026-56841: An authenticated SQL Injection (SQLi) vulnerability that allows a remote, low-privileged attacker to escalate privileges on the host device. The vulnerability has been designated CVE-2026-56841 and has been rated high with a CVSS score of 8.8.

    The following versions are affected

    • UniFi Protect Application: Versions 7.1.77 and prior.

    What is Ubiquiti UniFi Protect? #

    Ubiquiti UniFi Protect is a network video management application that operates on specialized local hardware to manage camera configuration, video recording, and event-based analytics for an integrated surveillance system.

    What is the impact? #

    Successful exploitation of these vulnerabilities allows an adversary to escalate privileges on the host device while gaining unauthorized access to the UniFi Protect API endpoints, data streaming, and connected cameras.

    Are updates or workarounds available? #

    Users are encouraged to update to the latest version as quickly as possible:

    • UniFi Protect Application: Version 7.1.83 or later.

    How to find potentially vulnerable systems with runZero #

    From the Asset Inventory, use the following query to locate potentially impacted assets:

    hw:="Ubiquiti _NVR%"

    January 2026: CVE-2026-21633 and CVE-2026-21634 #

    Ubiquiti disclosed multiple vulnerabilities affecting certain versions of the UniFi Protect Application:

    • An improper authentication vulnerability via the discovery protocol. Successful exploitation allows a network-adjacent, unauthenticated adversary to obtain unauthorized access to UniFi Protect cameras. The vulnerability has been designated CVE-2026-21633 and has been rated high with a CVSS score of 8.8.
    • A buffer overflow vulnerability via the discovery protocol. Successful exploitation allows a network-adjacent, unauthenticated adversary to restart the application, causing a denial-of-service (DoS) condition. The vulnerability has been designated CVE-2026-21634 and has been rated medium with a CVSS score of 6.5.

      The following versions are affected

      • UniFi Protect Application versions 6.1.79 and prior

      What is the impact? #

      Successful exploitation of the vulnerabilities would allow an adversary to gain unauthorized access to UniFi Protect cameras or cause denial-of-service (DoS) conditions limiting proper function.

      Are updates or workarounds available? #

      Users are encouraged to update to the latest version as quickly as possible:

      • UniFi Protect Application upgrade to version 6.2.72 or later

      How to find potentially vulnerable systems with runZero #

      From the Asset Inventory, use the following query to locate potentially impacted assets:

      hw:="Ubiquiti _NVR%"

      May 2025: UniFi Protect IP cameras (CVE-2025-23123) #

      In May 2025, Ubiquiti disclosed a vulnerability in its UniFi Protect IP cameras. This vulnerability allowed an unauthenticated attacker with access to the camera's management network to execute arbitrary code on the device.

      This vulnerability was designated CVE-2025-23123 and had a CVSS score of 10.0 (critical). 

      What was the impact? #

      An attacker with access to the camera's management interface would be able to execute arbitrary code on the device. This would allow the attacker to take complete control of the device.

      Were updates or workarounds available? #

      Ubiquiti released an update to the firmware, version 4.75.62, to address this issue. Users were recommended to update to this or a later version as quickly as possible.

      How to find UniFi Protect cameras with runZero #

      From the Asset inventory, use the following query to locate Ubiquiti IP cameras on your network:

      hw:Ubiquiti type:Camera

      Written by Matthew Kienow

      Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deployed many secure software solutions; however, often he enjoys breaking them instead. He has presented his research at various security conferences including DerbyCon, Hack In Paris, and CarolinaCon. His research has been cited by CSO, Threatpost and SC Magazine.

      More about Matthew Kienow
      Subscribe Now

      Get the latest news and expert insights delivered in your inbox.

      Welcome to the club! Your subscription to our newsletter is successful.

      Explore more runZero

      Product
      Announcing runZero 5.0: Exposure management built to outpace AI-driven attacks
      When you're up against AI, every minute counts. Get deep, actionable intelligence across your entire attack surface to close the gaps and hold the...
      Product Videos
      runZero 5.0: Platform Demo
      With the new 5.0 release, runZero is giving defenders the edge they need to succeed in the AI-attack era.
      runZero Perspective
      BOD 26-04: A new era of prioritized remediation
      A complete breakdown of CISA's BOD 26-04 directive. Learn how the shift to SSVC, risk-based KEV prioritization, and 3-day remediation impacts your...
      runZero Perspective
      Dawn of the apex agentic adversary
      When agentic AI can weaponize exploits in seconds, visibility is everything. Stop the predator with runZero’s exposure management for the AI-attack...
      Webcasts
      runZero Hour, Ep. 32: AI-pocalypse now? Why the 2026 DBIR is actually good news
      In this episode of runZero Hour, Tod Beardsley, Brianna Cluck, and Verizon's Alex Pinto broke down 2026 DBIR trends, AI threats, and runZero 5.0.
      Podcasts
      The shadow era AI, exploits, and cybersecurity's 90s comeback
      HD Moore explains how AI is turning hacking back to the 90s, generating permanent exploit skeleton keys and breaking traditional defense.
      Talks
      Identifying exposures at scale with BloodHound OpenGraph
      Traditional exposure management misses hidden attack paths. Learn how BloodHound and Cypher queries can uncover vulnerabilities beyond individual...
      Podcasts
      When is a vulnerability not a vulnerability?
      Attackers care about outcomes, not CVEs. Tod Beardsley joins Distilled Security to discuss reframing risk from checklist compliance to adversary...

      See Results in Minutes

      See & secure your total attack surface. Even the unknowns & unmanageable.