Vulnerabilities in Ubiquiti Inc

56 results
CVE | Severity | EPSS | Description
CVE-2026-47369 | CRITICAL | 0.3% | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain de
CVE-2025-23164 | MEDIUM | 0.3% | A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share
CVE-2025-24290 | CRITICAL | 0.3% | Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor w
CVE-2025-27216 | HIGH | 0.3% | Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to e
CVE-2026-21639 | MEDIUM | 0.3% | A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote
CVE-2026-48610 | HIGH | 0.3% | Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found
CVE-2025-27215 | HIGH | 0.2% | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsu
CVE-2025-27213 | MEDIUM | 0.2% | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug B
CVE-2025-23117 | MEDIUM | 0.2% | An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras a
CVE-2025-59467 | HIGH | 0.2% | A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation
CVE-2025-52663 | HIGH | 0.2% | A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This i
CVE-2025-23091 | MEDIUM | 0.2% | An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-
CVE-2025-23118 | MEDIUM | 0.2% | An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent
CVE-2024-42028 | HIGH | 0.2% | A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and ea
CVE-2025-24289 | HIGH | 0.1% | A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier
CVE-2026-21635 | MEDIUM | 0.1% | An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink fea