
UniFi Protect CVE-2026-54408

EUVD: EUVD-2026-41383 · HIGH
Improper Access Control (CWE-284)
2026-07-02 · hackerone · GHSA-jrx2-468w-2jv8
CVSS 3.1 base score: 8.6 · Vendor: hackerone

Severity by source

Vendor (hackerone), primary: 8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

vuln.today AI: 8.6 HIGH

Network-reachable authentication bypass with no privileges or interaction (AV:N/AC:L/PR:N/UI:N); primary impact is video/data exposure (C:H) with limited integrity/availability effect.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS Vector (Vendor: hackerone)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: Low

Lifecycle Timeline

Patch available: Jul 02, 2026 - 16:17 (EUVD)
Analysis Generated: Jul 02, 2026 - 15:35 (vuln.today)

Description (CVE.org)

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.

Analysis (AI)

Authentication bypass in Ubiquiti's UniFi Protect Application lets a network-adjacent attacker access data streams without valid credentials, stemming from improper access control (CWE-284). The CVSS 8.6 rating reflects high confidentiality impact with low integrity/availability effects, and no authentication or user interaction is required per the vector. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain reachability to Protect console network
Delivery: Send request to data-streaming endpoint
Exploit: Bypass authentication check (CWE-284)
Execution: Access live/recorded video streams
Impact: Exfiltrate surveillance data

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the UniFi Protect Application's data-streaming interface on a UniFi console/NVR; the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates no authentication, no user interaction, and low complexity against affected versions. …

Risk Assessment: The signals are mostly aligned toward elevated but not maximal priority. …

Exploit Scenario: An attacker who has gained a foothold on the same LAN or an adjacent reachable network segment as a UniFi Protect console (for example via a compromised IoT device or guest Wi-Fi that can route to the management network) sends requests directly to the Protect data-streaming interface. Because the access-control check is bypassable, they retrieve live or recorded camera video without valid credentials. …

Remediation: Patch available per vendor advisory: update UniFi Protect to the fixed release identified in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); an exact fixed version number is not provided in the source data, so consult that advisory for the precise build. …

Recommended Action (AI)

Within 24 hours: Audit and inventory all UniFi Protect NVRs and controllers; restrict network access to management and video streaming ports (443, 7442, 7443) via firewall rules and network segmentation. …


CVE-2026-54408 vulnerability details – vuln.today
