CVE Catalog
CVE-2026-54407
High, CVSS 8.6
Summary
An improper access control vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication on certain API endpoints.
Risk Assessment
An attacker could gain unauthorized access to API functions, potentially compromising the confidentiality and integrity of surveillance data.
Recommendation
Immediately update the UniFi Protect Application to the latest patched version and restrict network access to the API to trusted hosts only.
Original NVD description (English source)
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.

