CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Ubiquiti security advisory (AV26-671)

critical
Serial number: AV26-671 Date: July 8, 2026 On July 2, 2026, Ubiquiti published a security advisory to address critical vulnerabilities in the following products: EF-Core – version 5.1.18 and prior EFG – version 5.1.15 and prior ENVR – version 5.1.15 and prior ENVR-Core – version 5.1.15 and prior Express 7 – version 5.1.15 and prior UCG-Fiber – version 5.1.15 and prior UCG-Industrial – version 5.1.15 and prior UCG-Max – version 5.1.15 and prior UCG-Ultra – version 5.1.15 and prior UCK – version 5.1.15 and prior UCK-Enterprise – version 5.1.15 and prior UCKP – version 5.1.15 and prior UDM – version 5.1.15 and prior UDM-Beast – version 5.1.15 and prior UDM-Pro – version 5.1.15 and prior UDM-Pro – version 5.1.15 and prior UDM-Pro-Max – version 5.1.15 and prior UDM-SE – version 5.1.15 and prior UDR – version 5.1.15 and prior UDR-5G – version 5.1.15 and prior UDR7 – version 5.1.15 and prior UDW – version 5.1.15 and prior UNAS-2 – version 5.1.16 and prior UNAS-4 – version 5.1.16 and prior UNAS-Pro – version 5.1.16 and prior UNAS-Pro-4 – version 5.1.16 and prior UNAS-Pro-8 – version 5.1.16 and prior UniFi Access Application – version 4.2.28 and prior UniFi Network Application – version 10.3.58 and prior UniFi OS Server – version 5.1.15 and prior UniFi Protect Application – version 7.1.77 and prior UniFi Protect Floodlight – version 1.13.4 and prior UniFi Talk Application – version 5.1.2 and prior UNVR – version 5.1.15 and prior UNVR-G2 – version 5.1.15 and prior UNVR-G2-Pro – version 5.1.15 and prior UNVR-Instant – version 5.1.15 and prior UNVR-Pro – version 5.1.15 and prior The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Ubiquiti UniFi - Security Advisory Bulletin 066

CSIRTS triage

vendor: UbiquitiOtheraffected: version 5.1.18 and prior, version 5.1.15 and prior
What
Critical vulnerabilities have been identified in multiple Ubiquiti products.
Who is affected
Users of Ubiquiti products with specified versions are affected.
Urgency
Remediation is critical due to the severity being critical and no known exploitation.
Action
Update all affected Ubiquiti products to the latest versions.

AI-assisted analysis generated from the source advisory — verify against the original.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
critical
Published
2026-07-08
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/cyber-n8n-security-advisory-av26-672

More from Canadian Centre for Cyber Security