CVE-2026-54400 PUBLISHED

Assigner: hackerone
Reserved: 13.06.2026 Published: 02.07.2026 Updated: 02.07.2026

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.1

Product Status

Vendor Ubiquiti Inc
Product UniFi Access Application
Versions Default: unaffected
  • affected from 0 to 4.2.29 (excl.)

References

Problem Types

  • CWE-284 Improper Access Control - Generic CWE