CVE-2026-54401
Ubiquiti · UniFi OS Server
A Server-Side Request Forgery (SSRF) vulnerability in UniFi OS Server allows authenticated low-privileged users to escalate privileges.
Executive summary
An SSRF vulnerability in Ubiquiti UniFi OS Server permits low-privileged, network-adjacent attackers to achieve unauthorized privilege escalation.
Vulnerability
This vulnerability involves a Server-Side Request Forgery (SSRF) flaw within the UniFi OS Server. An attacker with low-level authenticated access to the network can manipulate server requests to perform unauthorized actions, leading to privilege escalation.
Business impact
The successful exploitation of this vulnerability poses a significant risk to organizational infrastructure by allowing unauthorized users to gain administrative control over network management devices. With a CVSS score of 7.7 (High), this flaw represents a substantial risk of lateral movement and full system compromise, potentially leading to widespread network disruption and data exfiltration.
Remediation
Immediate Action: Apply the latest security patches provided by Ubiquiti as soon as they become available to address the underlying SSRF vulnerability.
Proactive Monitoring: Review system and network access logs for unusual outbound requests originating from the UniFi OS appliance that deviate from baseline traffic patterns.
Compensating Controls: Restrict management interface access to trusted administrative subnets only and employ network segmentation to limit the reach of low-privileged accounts.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the potential for privilege escalation and the critical role UniFi OS plays in network management, this vulnerability requires immediate attention. Administrators should prioritize the deployment of vendor-supplied patches and enforce strict access controls on the management interface to mitigate the risk of unauthorized escalation.