8.6

CVE-2026-54407

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UiUnifi Protect Version < 7.1.83
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.209
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
support@hackerone.com 8.6 3.9 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc
Vendor Advisory