CVE-2026-54407
HIGHUbiquiti INC UniFi Protect Application < 7.1.83 - Improper Access Control
Title source: ruleDescription
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
References (1)
Core 1
Scores
CVSS v3
8.6
EPSS
0.0031
EPSS Percentile
22.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (2)
Ubiquiti Inc/UniFi Protect Application
< 7.1.83
ui/unifi_protect
< 7.1.83
Published
Jul 02, 2026
Tracked Since
Jul 02, 2026