Skip to main content

Unifi Protect

6 CVEs product

Monthly

CVE-2026-21634 MEDIUM This Month

UniFi Protect Application versions 6.1.79 and earlier suffer from a buffer overflow in the discovery protocol that allows adjacent network attackers to trigger denial of service by causing the application to restart. The vulnerability requires network proximity but no authentication or user interaction, making it exploitable by any attacker on the same network segment. Administrators should upgrade to version 6.2.72 or later to remediate this issue.

Buffer Overflow Unifi Protect
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21633 HIGH This Week

UniFi Protect Camera versions 6.1.79 and earlier contain an authentication bypass in their discovery protocol that allows adjacent network attackers to gain unauthorized access without credentials. An attacker on the local network can exploit this vulnerability to compromise camera systems and obtain full control. No patch is currently available, though updating to version 6.2.72 or later is recommended as mitigation.

Authentication Bypass Unifi Protect
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2021-22957 HIGH PATCH This Week

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-22944 HIGH This Week

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-22943 CRITICAL Act Now

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Protect
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2020-8213 MEDIUM This Month

An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
CVSS 3.1
5.3
EPSS
1.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

UniFi Protect Application versions 6.1.79 and earlier suffer from a buffer overflow in the discovery protocol that allows adjacent network attackers to trigger denial of service by causing the application to restart. The vulnerability requires network proximity but no authentication or user interaction, making it exploitable by any attacker on the same network segment. Administrators should upgrade to version 6.2.72 or later to remediate this issue.

Buffer Overflow Unifi Protect
NVD
EPSS 0% CVSS 8.8
HIGH This Week

UniFi Protect Camera versions 6.1.79 and earlier contain an authentication bypass in their discovery protocol that allows adjacent network attackers to gain unauthorized access without credentials. An attacker on the local network can exploit this vulnerability to compromise camera systems and obtain full control. No patch is currently available, though updating to version 6.2.72 or later is recommended as mitigation.

Authentication Bypass Unifi Protect
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubiquiti Information Disclosure Unifi Protect
NVD
EPSS 0% CVSS 8.0
HIGH This Week

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Authentication Bypass Unifi Protect
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti Information Disclosure Unifi Protect
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy