CVE-2026-54400
Ubiquiti · UniFi Access Application
An Improper Access Control vulnerability in the Ubiquiti UniFi Access Application allows an authenticated attacker with high privileges to escalate their permissions on the host device.
Executive summary
A critical privilege escalation vulnerability in the Ubiquiti UniFi Access Application poses a severe risk to host system integrity and unauthorized administrative control.
Vulnerability
This vulnerability involves improper access control within the application, which can be leveraged by an already authenticated attacker with high-level user privileges to achieve unauthorized privilege escalation on the underlying host.
Business impact
The ability for an attacker to escalate privileges on the host device represents a complete compromise of the affected system. Given the CVSS score of 9.1, the business impact includes potential unauthorized access to sensitive network management functions, exfiltration of configuration data, and potential lateral movement within the production network.
Remediation
Immediate Action: Update the Ubiquiti UniFi Access Application to the latest available vendor-provided version immediately.
Proactive Monitoring: Review system access logs for anomalous privilege escalation patterns or unauthorized administrative command execution.
Compensating Controls: Restrict management interface access to trusted administrative subnets to minimize the exposure of high-privilege accounts.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability carries a critical severity rating due to the potential for full system compromise via privilege escalation. Administrators should prioritize patching the UniFi Access Application across all deployments to mitigate the risk of unauthorized host-level access.