CVE-2026-54407
Ubiquiti · UniFi Protect Application
An improper access control vulnerability in the UniFi Protect Application allows network-adjacent attackers to bypass authentication on specific API endpoints.
Executive summary
A critical authentication bypass vulnerability in the Ubiquiti UniFi Protect Application poses a severe risk of unauthorized access to security camera management functions.
Vulnerability
This vulnerability resides in the application's API endpoints and stems from improper access control. It allows a network-adjacent attacker to bypass the authentication requirement on those endpoints and interact with them without valid credentials.
Business impact
Successful exploitation allows an unauthorized actor to interact with the UniFi Protect API, potentially compromising video surveillance feeds and system settings. Given the CVSS score of 8.6, this vulnerability represents a high-risk scenario where confidentiality and integrity of physical security monitoring systems are threatened, potentially facilitating further network infiltration.
Remediation
Immediate Action: Consult the official Ubiquiti security portal to identify and apply the necessary firmware or software updates to patch the affected API endpoints.
Proactive Monitoring: Inspect network traffic for unusual API calls originating from unauthorized or unexpected internal network segments.
Compensating Controls: Restrict network access to the UniFi Protect management interface using VLAN segmentation and strict firewall rules to ensure only authorized endpoints can reach the service.
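One way to operationalize the monitoring and segmentation items above is to check the access log of the reverse proxy in front of the Protect console for API calls that arrive from outside the approved management segment, or that succeed without an authenticated user. The script below is an added example and is not part of this advisory or of Ubiquiti's software. It assumes constructed log lines in Common Log Format, an assumed management network of 10.10.50.0/24, an assumed anonymous-allowed login path, and a placeholder `/api/` prefix, since the advisory does not name the affected endpoints.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumed management segment(s) allowed to reach the UniFi Protect API.
# Replace with the networks that actually host your management workstations.
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.10.50.0/24")]

# Placeholder prefix for Protect API calls; the advisory does not name the
# affected endpoints, so this only separates API traffic from static assets.
API_PREFIX = "/api/"

# Endpoints that are legitimately called before a session exists (assumed).
ANONYMOUS_OK = {"/api/auth/login"}

# Common Log Format as written by a reverse proxy in front of the console.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) \S+$'
)


@dataclass(frozen=True)
class Finding:
    src: str
    path: str
    status: int
    reasons: Tuple[str, ...]


def in_mgmt_segment(src: str) -> bool:
    """True if the client address belongs to an approved management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_MGMT_NETS)


def analyze(lines: List[str]) -> List[Finding]:
    """Flag API requests from unexpected segments or successful anonymous calls."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # Unparseable line; a production pipeline would count these.
        path = m.group("path").split("?", 1)[0]
        if not path.startswith(API_PREFIX):
            continue  # Static assets and UI pages are out of scope here.
        status = int(m.group("status"))
        reasons = []
        if not in_mgmt_segment(m.group("src")):
            reasons.append("unexpected_segment")
        # Assumption: an authentication bypass would appear as a 2xx response to
        # an API call that carried no authenticated user ("-" in the user field).
        if m.group("user") == "-" and 200 <= status < 300 and path not in ANONYMOUS_OK:
            reasons.append("unauthenticated_success")
        if reasons:
            findings.append(Finding(m.group("src"), path, status, tuple(reasons)))
    return findings


# Constructed sample log: one normal admin call, one anonymous call from a
# non-management segment, one failed login, one static asset, and one
# anonymous-but-successful call from inside the management segment.
SAMPLE_LOG = [
    '10.10.50.12 - admin [15/Mar/2026:10:01:02 +0000] "GET /api/cameras HTTP/1.1" 200 512',
    '192.168.20.77 - - [15/Mar/2026:10:01:05 +0000] "GET /api/cameras HTTP/1.1" 200 512',
    '10.10.50.12 - - [15/Mar/2026:10:01:09 +0000] "POST /api/auth/login HTTP/1.1" 401 0',
    '192.168.20.77 - - [15/Mar/2026:10:02:00 +0000] "GET /static/app.js HTTP/1.1" 200 9000',
    '10.10.50.40 - - [15/Mar/2026:10:03:00 +0000] "GET /api/settings HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.src} {f.path} {f.status} -> {', '.join(f.reasons)}")
```

Run against the sample, the second and fifth lines are reported: the first because a non-management host reached the API anonymously and got a 2xx, the second because a management host did so as well. The same allow-list of management networks should drive the VLAN and firewall rules, so that the log check and the network control describe the same policy.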
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this flaw necessitates immediate attention. Organizations must prioritize identifying vulnerable instances within their infrastructure and applying the vendor-supplied patches as soon as they become available to prevent unauthorized access to sensitive surveillance data.