CVE Catalog

CVE-2026-56841

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Summary

An authenticated SQL Injection vulnerability in UniFi Protect Application allows an attacker with network access and low privileges to escalate privileges on the host device by injecting malicious SQL code.

Risk Assessment

The organization is at risk of an attacker gaining control over the host device, potentially leading to data confidentiality and integrity breaches and further network attacks.

Recommendation

Immediately update UniFi Protect Application to the latest patched version and restrict network access to the application to trusted users only.

Original NVD description (English source)

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS