Skip to main content

UniFi Access EUVDEUVD-2026-41386

| CVE-2026-54400 CRITICAL
Improper Access Control (CWE-284)
2026-07-02 hackerone GHSA-rwfh-5cw2-f7g6
9.1
CVSS 3.1 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.1 CRITICAL

Requires existing high app privileges (PR:H) over the network (AV:N) with no user interaction; the application-to-host escalation justifies S:C and full C/I/A impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jul 02, 2026 - 16:17 EUVD
Analysis Generated
Jul 02, 2026 - 15:31 vuln.today

DescriptionCVE.org

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

AnalysisAI

Privilege escalation in Ubiquiti's UniFi Access Application allows an attacker who already holds high privileges and network reachability to break out and gain elevated control of the underlying host device. The flaw is an improper access control issue (CWE-284) tagged as an authentication bypass, carrying a CVSS 9.1 (Critical) rating driven largely by its scope-changing impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege UniFi Access account
Delivery
Reach management interface over network
Exploit
Abuse improper access control (auth bypass)
Execution
Cross application-to-host boundary (scope change)
Persist
Escalate to host device control
Impact
Compromise access-control host

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold high privileges within the UniFi Access Application (CVSS PR:H) and to have network reachability to the application/management interface (AV:N); no user interaction is needed (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H = 9.1 Critical) shows a network-reachable, low-complexity attack requiring no user interaction but requiring high existing privileges (PR:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a high-privilege UniFi Access account (e.g., a rogue administrator or an adversary who phished/reused admin credentials) connects over the network to the management interface and abuses the improper access control flaw to execute actions against the underlying host device, escalating from application admin to host-level control. Because the scope changes, the attacker can then manipulate the device that enforces physical door access. …
Remediation Apply the vendor's fixed release for UniFi Access as described in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); the exact fixed version is not included in the provided data, so confirm the target version directly from that advisory before deploying - Patch available per vendor advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit all UniFi Access administrative account holders and review logs for unauthorized access or suspicious privilege escalation attempts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41386 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy