Latest Ubiquiti UniFi Protect vulnerabilities #
Ubiquiti disclosed multiple vulnerabilities affecting certain versions of the UniFi Protect Application:
- CVE-2026-54407: An improper access control vulnerability that allows a remote, unauthenticated attacker to bypass authentication on specific UniFi Protect Application API endpoints. The vulnerability has been designated CVE-2026-54407 and has been rated high with a CVSS score of 8.6.
- CVE-2026-54408: An improper access control vulnerability that allows a remote, unauthenticated attacker to bypass data streaming authentication. The vulnerability has been designated CVE-2026-54408 and has been rated high with a CVSS score of 8.6.
- CVE-2026-54409: An improper initialization vulnerability that allows a remote, unauthenticated attacker to bypass authentication on UniFi Protect cameras under certain conditions. The vulnerability has been designated CVE-2026-54409 and has been rated high with a CVSS score of 7.5.
- CVE-2026-55115: A Server-Side Request Forgery (SSRF) vulnerability that allows a remote, low-privileged attacker to escalate privileges on the host device. The vulnerability has been designated CVE-2026-55115 and has been rated critical with a CVSS score of 9.9.
- CVE-2026-56841: An authenticated SQL Injection (SQLi) vulnerability that allows a remote, low-privileged attacker to escalate privileges on the host device. The vulnerability has been designated CVE-2026-56841 and has been rated high with a CVSS score of 8.8.
The following versions are affected
- UniFi Protect Application: Versions 7.1.77 and prior.
What is Ubiquiti UniFi Protect? #
Ubiquiti UniFi Protect is a network video management application that operates on specialized local hardware to manage camera configuration, video recording, and event-based analytics for an integrated surveillance system.
What is the impact? #
Successful exploitation of these vulnerabilities allows an adversary to escalate privileges on the host device while gaining unauthorized access to the UniFi Protect API endpoints, data streaming, and connected cameras.
Are updates or workarounds available? #
Users are encouraged to update to the latest version as quickly as possible:
- UniFi Protect Application: Version 7.1.83 or later.
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially impacted assets:
hw:="Ubiquiti _NVR%"
January 2026: CVE-2026-21633 and CVE-2026-21634 #
Ubiquiti disclosed multiple vulnerabilities affecting certain versions of the UniFi Protect Application:
- An improper authentication vulnerability via the discovery protocol. Successful exploitation allows a network-adjacent, unauthenticated adversary to obtain unauthorized access to UniFi Protect cameras. The vulnerability has been designated CVE-2026-21633 and has been rated high with a CVSS score of 8.8.
- A buffer overflow vulnerability via the discovery protocol. Successful exploitation allows a network-adjacent, unauthenticated adversary to restart the application, causing a denial-of-service (DoS) condition. The vulnerability has been designated CVE-2026-21634 and has been rated medium with a CVSS score of 6.5.
The following versions are affected
- UniFi Protect Application versions 6.1.79 and prior
What is the impact? #
Successful exploitation of the vulnerabilities would allow an adversary to gain unauthorized access to UniFi Protect cameras or cause denial-of-service (DoS) conditions limiting proper function.
Are updates or workarounds available? #
Users are encouraged to update to the latest version as quickly as possible:
- UniFi Protect Application upgrade to version 6.2.72 or later
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially impacted assets:
hw:="Ubiquiti _NVR%"
May 2025: UniFi Protect IP cameras (CVE-2025-23123) #
In May 2025, Ubiquiti disclosed a vulnerability in its UniFi Protect IP cameras. This vulnerability allowed an unauthenticated attacker with access to the camera's management network to execute arbitrary code on the device.
This vulnerability was designated CVE-2025-23123 and had a CVSS score of 10.0 (critical).
What was the impact? #
An attacker with access to the camera's management interface would be able to execute arbitrary code on the device. This would allow the attacker to take complete control of the device.
Were updates or workarounds available? #
Ubiquiti released an update to the firmware, version 4.75.62, to address this issue. Users were recommended to update to this or a later version as quickly as possible.
How to find UniFi Protect cameras with runZero #
From the Asset inventory, use the following query to locate Ubiquiti IP cameras on your network:
hw:Ubiquiti type:Camera