A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Appl...
Description
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device
AI Analyst Comment
Remediation
Apply vendor patches immediately. Review database access controls and enable query logging.
---METADATA---
VENDOR: Ubiquiti
PRODUCT: UniFi Protect Application
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
An authenticated SQL injection vulnerability in the UniFi Protect Application allows low-privileged users to escalate their privileges on the host device.
Executive Summary:
A critical SQL injection vulnerability in the Ubiquiti UniFi Protect Application allows low-privileged users to escalate their privileges on the host system.
Vulnerability Details
CVE-ID: CVE-2026-56841
Affected Software: Ubiquiti UniFi Protect Application
Affected Versions: See vendor advisory for affected versions
Vulnerability: This is an authenticated SQL injection vulnerability that permits a user with low privileges to execute arbitrary SQL commands. By exploiting this flaw, the attacker can manipulate the application's backend database to gain elevated, potentially administrative, privileges on the host device.
Business Impact
The CVSS score of 8.8 underscores the gravity of this flaw, as it grants attackers the ability to bypass intended access controls. Exploitation could lead to unauthorized control over surveillance hardware, modification of security policies, or access to sensitive recorded data, resulting in significant operational and security impacts.
Remediation Plan
Immediate Action: Apply the vendor-provided security patches for the UniFi Protect Application to address the underlying SQL injection vulnerability.
Proactive Monitoring: Review database logs for anomalous queries or unauthorized attempts to access tables outside the user's normal scope of operation.
Compensating Controls: Reduce the attack surface by enforcing the principle of least privilege for all user accounts and employing input validation via security gateways or WAFs.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability presents a clear risk to system integrity and must be addressed promptly. Security teams should prioritize patching the UniFi Protect Application and perform a thorough review of administrative account activity to ensure no unauthorized privilege escalation has already occurred.