Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-54401 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 7.7 HIGH |
| A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances. | |||||
| CVE-2026-54402 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 9.9 CRITICAL |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device. | |||||
| CVE-2026-54404 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 8.8 HIGH |
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | |||||
| CVE-2026-54403 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 8.6 HIGH |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances. | |||||
| CVE-2026-55112 | 1 Ui | 38 Enterprise Network Video Recorder, Enterprise Network Video Recorder Core, Enterprise Network Video Recorder Core Firmware and 35 more | 2026-07-10 | N/A | 7.5 HIGH |
| A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device. | |||||
| CVE-2026-55110 | 1 Ui | 59 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 56 more | 2026-07-09 | N/A | 7.5 HIGH |
| A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. | |||||
| CVE-2026-34911 | 1 Ui | 61 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 58 more | 2026-06-24 | N/A | 7.7 HIGH |
| A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information. | |||||
| CVE-2026-34908 | 1 Ui | 61 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 58 more | 2026-06-24 | N/A | 10.0 CRITICAL |
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. | |||||
| CVE-2026-34909 | 1 Ui | 63 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 60 more | 2026-06-24 | N/A | 10.0 CRITICAL |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account. | |||||
| CVE-2026-34910 | 1 Ui | 61 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 58 more | 2026-06-24 | N/A | 10.0 CRITICAL |
| A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | |||||
