Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
9.1

CVE-2026-54400: UniFi Access App: Malicious access can lead to host takeover

CVE-2026-54400 CVE-2026-54400
Summary

The UniFi Access Application has a security weakness that could allow an attacker with high privileges to take control of the host device. This is a serious concern because it could lead to unauthorized access and data theft. To protect your network, ensure you have the latest UniFi software updates installed and follow best practices for access control.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versions
ubiquiti inc unifi access application < 4.2.29
Original title
A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.
Original description
A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.
nvd CVSS3.1 9.1
Vulnerability type
CWE-284 Improper Access Control
Published: 2 Jul 2026 · Updated: 3 Jul 2026 · First seen: 2 Jul 2026