CVE-2026-54402 – Ubiquiti UniFi Platform

CVSS 9.9 CRITICAL Critical or Zero Day – Immediate Deployment

“One weak entry point can quickly become full control when critical vulnerabilities stack together.”

This security update addresses multiple critical vulnerabilities affecting the Ubiquiti UniFi platform, including UniFi Talk Application, UniFi Access Application, UniFi OS Server, UniFi Protect Application, and Dream Machines. The issues include authenticated SQL injection, command injection, improper access control, and server-side request forgership (SSRF), all of which could allow an authenticated attacker on the network to escalate privileges, execute commands, or make unauthorized changes to affected devices.

CVE-2026-50747 has a CVSS score of 9.9, which is Critical severity. CVE-2026-50748 has a CVSS score of 9.9, which is Critical severity. CVE-2026-54400 has a CVSS score of 9.1, which is Critical severity. CVE-2026-54402 has a CVSS score of 9.9, which is Critical severity. CVE-2026-55115 has a CVSS score of 9.9, which is Critical severity. CVE-2026-55116 has a CVSS score of 9.0, which is Critical severity. No verified real-world exploitation or public proof-of-concept has been confirmed for these vulnerabilities.

Key Details

Affected Product
Ui Unifi Os Server
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-20
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.