CVE-2026-48610 PUBLISHED

Assigner: hackerone
Reserved: 22.05.2026
Published: 12.06.2026
Updated: 12.06.2026

Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.1

Product Status

Vendor Ubiquiti Inc
Product UDM
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDM-Pro
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDM-SE
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDM-Pro-Max
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDM-Beast
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product EFG
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDW
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDR
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDR7
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UDR-5G
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product Express 7
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UCG-Ultra
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UCG-Max
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UCG-Fiber
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Vendor Ubiquiti Inc
Product UCG-Industrial
Versions Default: unaffected
  • affected from 0 to 5.1.15 (excl.)

Problem Types

  • CWE-284 Improper Access Control - Generic CWE