Vendor scorecard
Ubiquiti
Ubiquiti security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: ui
Product families
4
Open in latest
4
Inferred — see methodology
Last disclosure
Jul 2, 2026
01
Product categories
4 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| UniFiRouting & Switching · Wireless LANunifi, unifi_network_application, unifi_network_server… | 5 | 0 | 0.7.0LOW | ||
| UniFi Protect/Videounifi_protect, unifi_video | 4 | 2 | 3.10.2MED | ||
| EdgeOS/EdgeMAXRouting & Switchingedgeos, edgemax_firmware | 0 | 2 | 1.9.7LOW | ||
| AirMax/WirelessWireless LANairmax_airos, airos, aircam_firmware | 0 | 0 | 8.3.2MED |
02
Recent CVEs
9 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-56842(opens NVD record) | High | 7.5 | A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed. | Jul 2, 2026 |
| CVE-2026-56841(opens NVD record) | High | 8.8 | A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device. | Jul 2, 2026 |
| CVE-2026-55118(opens NVD record) | High | 8.3 | A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | Jul 2, 2026 |
| CVE-2026-55114(opens NVD record) | High | 8.8 | A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application. | Jul 2, 2026 |
| CVE-2026-54407(opens NVD record) | High | 8.6 | A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints. | Jul 2, 2026 |
| CVE-2026-54406(opens NVD record) | High | 8.7 | A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device. | Jul 2, 2026 |
| CVE-2026-54405(opens NVD record) | High | 7.5 | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application. | Jul 2, 2026 |
| CVE-2026-21634(opens NVD record) | Medium | 6.5 | A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | Jan 5, 2026 |
| CVE-2026-21633(opens NVD record) | High | 8.8 | A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | Jan 5, 2026 |
9 CVEs · 4 product families