SQL Injection Vulnerabilities in UniFi OS Devices by Ubiquiti Networks
CVE-2026-54404

8.8 HIGH

What is CVE-2026-54404?

A series of authenticated SQL injection vulnerabilities in UniFi OS allows a malicious user with network access and limited privileges to manipulate SQL queries. Exploitation can lead to unauthorized privilege escalation on affected devices, potentially compromising the integrity and security of network configurations.

Affected Version(s)

Cloud Gateways 0 < 5.1.19

Cloud Keys 0 < 5.1.19

Dream Machines 0 < 5.1.19

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
