8.8
CVE-2026-54401
- EPSS 0.22%
- Veröffentlicht 02.07.2026 14:49:17
- Zuletzt bearbeitet 10.07.2026 02:50:13
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ui ≫ Unifi Os Server Version <= 5.1.15
Ui ≫ Unifi Dream Machine Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Special Edition Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Pro Max Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Machine Beast Firmware Version <= 5.1.15
Ui ≫ Enterprise Fortress Gateway Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Wall Firmware Version <= 5.1.15
Ui ≫ Unifi Dream Router 7 Firmware Version <= 5.1.15
Ui ≫ Unifi Express 7 Firmware Version <= 5.1.15
Ui ≫ Unifi Cloudkey Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Key Plus Firmware Version <= 5.1.15
Ui ≫ Unifi Cloudkey Enterprise Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder Instant Firmware Version <= 5.1.15
Ui ≫ Enterprise Network Video Recorder Firmware Version <= 5.1.15
Ui ≫ Enterprise Network Video Recorder Core Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder G2 Firmware Version <= 5.1.15
Ui ≫ Unifi Network Video Recorder G2 Pro Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Ultra Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Max Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Industrial Firmware Version <= 5.1.15
Ui ≫ Unifi Cloud Gateway Fiber Firmware Version <= 5.1.15
Ui ≫ Unas 2 Firmware Version <= 5.1.16
Ui ≫ Unas 4 Firmware Version <= 5.1.16
Ui ≫ Unas Pro Firmware Version <= 5.1.16
Ui ≫ Unas Pro 4 Firmware Version <= 5.1.16
Ui ≫ Unas Pro 8 Firmware Version <= 5.1.16
Ui ≫ Enterprise Firewall Core Firmware Version <= 5.1.18
Ui ≫ Unifi Dream Router 5g Max Firmware Version <= 5.1.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| support@hackerone.com | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc