Unifi Protect
CVE-2026-21633
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).
Affected Products:
UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation:
Update your UniFi Protect Application to Version 6.2.72 or later.
AnalysisAI
UniFi Protect Camera versions 6.1.79 and earlier contain an authentication bypass in their discovery protocol that allows adjacent network attackers to gain unauthorized access without credentials. An attacker on the local network can exploit this vulnerability to compromise camera systems and obtain full control. No patch is currently available, though updating to version 6.2.72 or later is recommended as mitigation.
Technical ContextAI
Classified as CWE-287 (Improper Authentication). Affects Unifi Protect. A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).
Affected Products:
UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation:
Update your UniFi Protect Application to Version 6.2.72 or later.
RemediationAI
Monitor vendor advisories for a patch.
More in Unifi Protect
View allA vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allow
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role an
UniFi Protect Application versions 6.1.79 and earlier suffer from a buffer overflow in the discovery protocol that allow
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attacke
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today