UniFi Network Application (EUVD-2026-41380)

CVE-2026-54405 HIGH
Improper Input Validation (CWE-20)
2026-07-02 hackerone GHSA-j2cq-vphm-g3w3
7.5
CVSS 3.1 · Vendor: hackerone

Severity by source

Vendor (hackerone) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated, low-complexity input-validation flaw with no user interaction; impact is availability-only (process crash), so C:N/I:N/A:H and scope unchanged.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS Vector (Vendor: hackerone)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Patch available: Jul 02, 2026 - 16:17 (EUVD)
Analysis Generated: Jul 02, 2026 - 15:33 (vuln.today)

Description (CVE.org)

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.

Analysis (AI)

Denial of service in Ubiquiti's UniFi Network Application allows a remote, unauthenticated attacker with network access to crash or render the application unavailable by sending malformed input that the application fails to properly validate (CWE-20). The flaw carries a CVSS 7.5 rating driven entirely by availability impact (C:N/I:N/A:H), with no confidentiality or integrity consequences. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach UniFi controller over network
Delivery: Send crafted malformed request
Exploit: Trigger improper input validation flaw
Execution: Crash or hang application process
Impact: Management controller unavailable (DoS)

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network access to the UniFi Network Application's listening service; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication and no user interaction are needed, so any actor able to route packets to the controller can attempt it against default configurations. …

Risk Assessment: The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) describes a low-complexity, network-reachable, unauthenticated attack requiring no user interaction, but the impact is strictly availability - there is no data exposure or code execution. …

Exploit Scenario: An attacker who can reach the UniFi Network Application over the network sends a crafted, malformed request that the application fails to validate, causing the process to crash or hang and taking the management controller offline. Repeating the request keeps the controller unavailable, disrupting monitoring and administration of the managed UniFi fleet. …

Remediation: Upgrade UniFi Network Application to the fixed release identified in Ubiquiti Security Advisory Bulletin 066-066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); the exact patched version number is not specified in the available data and should be taken directly from that advisory. …

Recommended Action (AI)

24 hours: Inventory all UniFi Network Application instances in your environment and assess criticality to business operations; implement network-level access controls to restrict connectivity to the application from untrusted sources. …
