CVE Catalog
CVE-2026-54401
High
CVSS 7.7
Summary
An SSRF vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on the device or instance.
Risk Assessment
An attacker could gain full control over the UniFi device, leading to data confidentiality and integrity breaches and potential lateral movement within the network.
Recommendation
Immediately update UniFi OS to the latest patched version and restrict trust in network requests through segmentation and traffic filtering.
Original NVD description (English source)
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

