CVE Catalog
CVE-2026-54404
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk0.24%
15th percentile — higher than 15% of all known CVEs
Summary
An SQL Injection vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on affected UniFi OS devices or instances.
Risk Assessment
The organization risks unauthorized control over UniFi devices, potentially leading to network and data integrity breaches.
Recommendation
Immediately update UniFi OS to the latest patched version and restrict network access to trusted hosts only.
Original NVD description (English source)
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.

