7.5 CVE-2026-54409

Enriched by CISA
 

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.
https://nvd.nist.gov/vuln/detail/CVE-2026-54409

Categories

CWE-665 : Improper Initialization
This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.

References


 

AFFECTED (from MITRE)


Vendor Product Versions
Ubiquiti Inc UniFi Protect Application
  • < 7.1.83 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
26 Leveraging Race Conditions
High
29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
High