NCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks
Ubiquiti Networks has fixed vulnerabilities in various UniFi products, including UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application, and UniFi Protect Application. The vulnerabilities affect multiple UniFi products and include command injection, SQL injection, improper input validation, improper access control, server-side request forgery (SSRF), path traversal, authentication bypass, and persistent privilege escalation. Attackers with network access, sometimes with limited privileges and sometimes after authentication, can execute arbitrary commands, escalate privileges, read or modify files, bypass authentication, and cause Denial of Service (DoS). Some vulnerabilities require user interaction, such as visiting a malicious website, while others can be exploited directly via network access. The vulnerabilities are present in applications and platforms used for network management, access control, video surveillance, and security monitoring within the UniFi product line.
CSIRTS triage
- What
- Various vulnerabilities in UniFi products allow attackers to execute arbitrary commands, escalate privileges, and cause denial of service.
- Who is affected
- Attackers with network access to UniFi products can exploit these vulnerabilities.
- Urgency
- Remediation is urgent due to the high potential for exploitation and impact.
- Action
- Update all affected UniFi products to the latest versions.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch UniFi products
Get an email when a new UniFi products advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0221
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-507460.83% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 53% of all scored CVEs.
- Low exploitation riskCVE-2026-507470.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-507480.81% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Low exploitation riskCVE-2026-544000.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-544010.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all scored CVEs.
- Low exploitation riskCVE-2026-544020.87% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 55% of all scored CVEs.
- Low exploitation riskCVE-2026-544030.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-544040.25% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-544050.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all scored CVEs.
- Low exploitation riskCVE-2026-544060.33% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Ubiquiti UniFi: Multiple vulnerabilitiescert-bund
- highCVE-2026-56842: A malicious actor with access to the network and under certain conditions could exploit an Inc…nvd
- highCVE-2026-56841: A malicious actor with access to the network and low privileges could exploit an authenticated…nvd
- highCVE-2026-55119: A malicious actor with access to the network and low privileges could exploit an Improper Acce…nvd
- highCVE-2026-55118: A malicious actor with access to the network,low privileges and under certain conditions could…nvd
- highCVE-2026-55117: A malicious actor with access to the network could exploit a Path Traversal vulnerability foun…nvd
- criticalCVE-2026-55116: A malicious actor with access to the network and under certain network configurations could ex…nvd
- criticalCVE-2026-55115: A malicious actor with access to the network and low privileges could exploit a Server-Side Re…nvd
- highCVE-2026-55114: A malicious actor with access to the network and low privileges could exploit an Improper Acce…nvd
- highCVE-2026-55113: A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF…nvd
- highCVE-2026-55112: A malicious actor with access to the network and low privileges and under certain conditions c…nvd
- highCVE-2026-55111: A malicious actor with access to the network could exploit a Path Traversal vulnerability foun…nvd
Recent advisories for UniFi products from
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalexploitedCVE-2026-20045: Cisco Unified Communications Products Code Injection Vulnerabilitycisa-kev · 2026-01-21
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03
- unknownNCSC-2026-0218 [1.00] [M/H] Vulnerability fixed in Cisco Catalyst Center2026-07-02