CVE Catalog

CVE-2026-54404

High (CVSS 8.8)
Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

An SQL Injection vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on affected UniFi OS devices or instances.

Risk Assessment

An attacker who escalates privileges could gain unauthorized control over the organization's UniFi devices, potentially leading to network and data integrity breaches.

Recommendation

Immediately update UniFi OS to the latest patched version and restrict network access to trusted hosts only.

Original NVD description (English source)

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS