Ubiquiti security advisory (AV26-671)
Serial number: AV26-671 Date: July 8, 2026 On July 2, 2026, Ubiquiti published a security advisory to address critical vulnerabilities in the following products: EF-Core – version 5.1.18 and prior EFG – version 5.1.15 and prior ENVR – version 5.1.15 and prior ENVR-Core – version 5.1.15 and prior Express 7 – version 5.1.15 and prior UCG-Fiber – version 5.1.15 and prior UCG-Industrial – version 5.1.15 and prior UCG-Max – version 5.1.15 and prior UCG-Ultra – version 5.1.15 and prior UCK – version 5.1.15 and prior UCK-Enterprise – version 5.1.15 and prior UCKP – version 5.1.15 and prior UDM – version 5.1.15 and prior UDM-Beast – version 5.1.15 and prior UDM-Pro – version 5.1.15 and prior UDM-Pro – version 5.1.15 and prior UDM-Pro-Max – version 5.1.15 and prior UDM-SE – version 5.1.15 and prior UDR – version 5.1.15 and prior UDR-5G – version 5.1.15 and prior UDR7 – version 5.1.15 and prior UDW – version 5.1.15 and prior UNAS-2 – version 5.1.16 and prior UNAS-4 – version 5.1.16 and prior UNAS-Pro – version 5.1.16 and prior UNAS-Pro-4 – version 5.1.16 and prior UNAS-Pro-8 – version 5.1.16 and prior UniFi Access Application – version 4.2.28 and prior UniFi Network Application – version 10.3.58 and prior UniFi OS Server – version 5.1.15 and prior UniFi Protect Application – version 7.1.77 and prior UniFi Protect Floodlight – version 1.13.4 and prior UniFi Talk Application – version 5.1.2 and prior UNVR – version 5.1.15 and prior UNVR-G2 – version 5.1.15 and prior UNVR-G2-Pro – version 5.1.15 and prior UNVR-Instant – version 5.1.15 and prior UNVR-Pro – version 5.1.15 and prior The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Ubiquiti UniFi - Security Advisory Bulletin 066
CSIRTS triage
- What
- Critical vulnerabilities have been identified in multiple Ubiquiti products.
- Who is affected
- Users of Ubiquiti products with specified versions are affected.
- Urgency
- Remediation is critical due to the severity being critical and no known exploitation.
- Action
- Update all affected Ubiquiti products to the latest versions.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/cyber-n8n-security-advisory-av26-672
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09