Skip to main content

UniFi Protect EUVDEUVD-2026-41399

| CVE-2026-56841 HIGH
SQL Injection (CWE-89)
2026-07-02 hackerone GHSA-472v-99p9-6699
8.8
CVSS 3.1 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable SQLi needs a low-privilege account (PR:L) and no user interaction (AC:L/UI:N); host privilege escalation yields high C/I/A on the same appliance (S:U).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jul 02, 2026 - 16:17 EUVD
Analysis Generated
Jul 02, 2026 - 15:39 vuln.today

DescriptionCVE.org

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.

AnalysisAI

Privilege escalation in Ubiquiti's UniFi Protect Application is possible through an authenticated SQL injection (CWE-89) reachable by a low-privileged user with network access, letting that attacker escalate privileges on the underlying host device with full confidentiality, integrity, and availability impact. The flaw was reported through HackerOne and disclosed in Ubiquiti Security Advisory Bulletin 066; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege Protect account
Delivery
Reach Protect network endpoint
Exploit
Inject crafted SQL payload
Execution
Manipulate backend database query
Persist
Escalate privileges on host device
Impact
Full control of UniFi console/NVR

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated low-privileged account on the UniFi Protect Application (CVSS PR:L) with network reachability to the Protect interface (AV:N); no user interaction is required (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (8.8, High) indicates a network-reachable, low-complexity attack requiring only low privileges and no user interaction, with high impact across all three security properties - a strong signal for prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained a low-privileged UniFi Protect account (for example a viewer credential that was phished, reused, or shared) sends crafted input to a vulnerable Protect endpoint over the network, injecting SQL that manipulates the backend query. Because the database runs on the appliance with elevated context, the attacker leverages the injection to escalate to host-level privileges on the UniFi console/NVR. …
Remediation Patch available per vendor advisory: upgrade the UniFi Protect Application to the fixed version documented in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); the exact fixed version is not enumerated in the provided input, so confirm the target build directly from that advisory before scheduling. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct asset discovery to identify all UniFi Protect instances and assess network exposure; implement network segmentation to restrict administrative access to trusted management networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41399 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy