CVE Catalog

CVE-2026-54401

High · CVSS 7.7

Summary

An SSRF vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on the device or instance.

Risk Assessment

An attacker could gain full control over the UniFi device, leading to data confidentiality and integrity breaches and potential lateral movement within the network.

Recommendation

Immediately update UniFi OS to the latest patched version, and limit exposure to untrusted network requests through segmentation and traffic filtering.

Original NVD description (English source)

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS