Summary

- CVEs: 10
- Critical: 5
- High: 3
- KEV: 0
- PoC: 0
- Unpatched Critical/High: 8
- Patch rate: 0.0%
- Average EPSS: 0.3%

Severity breakdown: Critical 5, High 3, Medium 2, Low 0

Affected products: 6
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-23123 | A malicious actor with access to the management network could achieve remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in UniFi Protect Cameras (Version 4.75.43). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 1.7% | 52 | No patch |
| CVE-2026-22557 | A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed. | CRITICAL | 10.0 | 0.0% | 50 | No patch |
| CVE-2026-22559 | Ubiquiti UniFi Network Server versions 10.1.85 and earlier are vulnerable to account takeover through improper input validation when users click malicious links in social engineering attacks. An attacker can gain unauthorized account access with high impact on confidentiality, integrity, and availability. Users should upgrade to version 10.1.89 or later to remediate this vulnerability. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2026-22558 | UniFi Network Application allows authenticated attackers to escalate privileges via NoSQL injection with high confidentiality impact. The vulnerability enables network-accessible attackers holding low-privilege credentials to exploit database queries and access sensitive information belonging to higher-privileged users or contexts. With an EPSS score of 0.03% (7th percentile) and no public exploit identified at time of analysis, real-world exploitation probability is currently assessed as low despite the 7.7 CVSS severity rating. | HIGH | 7.7 | 0.0% | 39 | No patch |
| CVE-2025-23164 | A misconfigured access token mechanism in the UniFi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available. | MEDIUM | 4.4 | 0.2% | – | No patch |
| CVE-2025-27212 | An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to the UniFi Access management network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.4% | – | No patch |
| CVE-2025-24285 | Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV Station Lite. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.3% | – | No patch |
| CVE-2025-27213 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available. | MEDIUM | 4.9 | 0.0% | – | No patch |
| CVE-2025-27214 | A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.1% | – | No patch |
| CVE-2025-27215 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available. | HIGH | 8.1 | 0.0% | – | No patch |