Skip to main content

UniFi Protect EUVDEUVD-2026-41379

| CVE-2026-54407 HIGH
Improper Access Control (CWE-284)
2026-07-02 hackerone GHSA-x7fp-rqc2-wmg4
8.6
CVSS 3.1 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
vuln.today AI
8.6 HIGH

Unauthenticated network-reachable API bypass (AV:N/AC:L/PR:N/UI:N); limited data exposure and tampering (C:L/I:L) with high service-disruption impact (A:H), no scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

2
Patch available
Jul 02, 2026 - 16:17 EUVD
Analysis Generated
Jul 02, 2026 - 15:35 vuln.today

DescriptionCVE.org

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.

AnalysisAI

Authentication bypass in Ubiquiti UniFi Protect Application lets a network-adjacent attacker reach certain API endpoints without valid credentials due to improper access control (CWE-284). Rated CVSS 8.6, the flaw combines low confidentiality and integrity impact with high availability impact, meaning an unauthenticated actor on the network could interact with protected surveillance-management functions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain network access to UniFi console
Delivery
Identify unprotected Protect API endpoint
Exploit
Send unauthenticated crafted API request
Execution
Bypass authentication check
Impact
Invoke protected functionality / disrupt Protect service

Vulnerability AssessmentAI

Exploitation The attacker requires network-level access to reach the UniFi Protect Application's affected API endpoints (per the description, 'access to the network'), and the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates no authentication, no user interaction, and low complexity are needed once those endpoints are reachable. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H, score 8.6) describes an easy-to-reach, unauthenticated, no-interaction bug - the classic profile of an exposed authentication bypass - with the severity driven mainly by high availability impact (A:H) alongside limited confidentiality and integrity effects. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has network reach to a UniFi console - for example a foothold on the same LAN/VLAN or an internet-exposed console - sends crafted requests directly to the affected UniFi Protect API endpoints without authenticating. Because the access-control check is missing, the endpoints respond, letting the attacker invoke protected functionality and potentially disrupt Protect services (consistent with the A:H impact). …
Remediation Patch available per vendor advisory: upgrade the UniFi Protect Application to the fixed version identified in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); an exact fix version was not included in the provided data, so confirm the target build from that advisory before updating. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all UniFi Protect deployments; verify network isolation from untrusted networks; audit current connectivity and administrative access patterns. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41379 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy