Improper Access Control Vulnerability in UniFi Access Application by Ubiquiti
CVE-2026-54400

9.1CRITICAL

Key Information:

Vendor
CVE Published:
2 July 2026

What is CVE-2026-54400?

A vulnerability in the UniFi Access Application allows a high-privileged attacker with network access to exploit improper access control mechanisms, facilitating unauthorized privilege escalation on the host device. This poses risks to the integrity and confidentiality of the system, enabling malicious actors to gain elevated permissions and potentially compromise sensitive data.

Affected Version(s)

UniFi Access Application 0 < 4.2.29

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.