Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation
Summary
CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.
What changed
CERT-Bund has released a critical security advisory (WID-SEC-2026-0784) concerning multiple vulnerabilities in Ubiquiti's UniFi Network Application and UniFi Express. These flaws, which have a CVSS Base Score of 10.0, allow remote attackers to escalate privileges. The advisory specifically lists affected versions of the UniFi Network Application (versions prior to 10.1.89, 10.2.97, and 9.0.118) and UniFi Express (versions prior to 4.0.13).
Organizations utilizing these Ubiquiti products must urgently review their systems for the affected versions. Immediate mitigation is recommended, which typically involves updating the software to a patched version. Failure to address these vulnerabilities could lead to unauthorized access and control over network infrastructure, posing a significant risk to data confidentiality, integrity, and system availability. While no specific compliance deadline is stated, prompt action is crucial due to the critical nature of the vulnerabilities.
What to do next
- Review Ubiquiti UniFi Network Application and UniFi Express versions for those listed as affected.
- Apply available software updates to mitigate privilege escalation vulnerabilities.
- Assess network security posture for potential unauthorized access.
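The version review in the first step can be scripted; the following is an added example, not part of the advisory or of any Ubiquiti tooling. It assumes each listed threshold is the fix for its own major.minor release branch, treats anything older than the lowest listed fix as affected, and flags every other branch for manual review; the hostnames and versions in the inventory are constructed.

```python
import re

# Fixed-version thresholds copied from the advisory's product list.
# Assumption: each threshold applies to its own major.minor release branch.
FIXED = {
    "network": {(9, 0): (9, 0, 118), (10, 1): (10, 1, 89), (10, 2): (10, 2, 97)},
    "express": {(4, 0): (4, 0, 13)},
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '10.1.85' or 'v9.0.114-beta'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(product, version_text):
    """Classify one install as 'affected', 'patched' or 'review'."""
    version = parse_version(version_text)
    branches = FIXED[product]
    fixed = branches.get(version[:2])
    if fixed is not None:
        return "affected" if version < fixed else "patched"
    # Branch not named in the advisory (assumption): older than every listed
    # fix counts as affected, anything else needs a manual check.
    if version < min(branches.values()):
        return "affected"
    return "review"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ctrl-hq", "network", "10.1.85"),
    ("ctrl-lab", "network", "10.2.97"),
    ("ctrl-old", "network", "8.6.9"),
    ("ctrl-dr", "network", "10.0.160"),
    ("ux-branch", "express", "4.0.6"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as "review" sit on a branch the advisory does not name and should be checked against the vendor's release notes before being treated as safe.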
Source document (simplified)
[WID-SEC-2026-0784] Ubiquiti UniFi Network Application: Multiple vulnerabilities allow privilege escalation
- CVSS Base Score: 10.0 (critical)
- CVSS Temporal Score: 8.7 (high)
- Remote attack: yes
- Date: 18.03.2026
- Last updated: 19.03.2026
- Mitigation: yes
Affected systems
Operating system
- Other
Product description
UniFi is Ubiquiti's end-to-end networking ecosystem for businesses and smart homes.
Products
18.03.2026
- Ubiquiti UniFi Network application <10.1.89
- Ubiquiti UniFi Network application <10.2.97
- Ubiquiti UniFi Express <4.0.13
- Ubiquiti UniFi Network application <9.0.118
Attack
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Ubiquiti UniFi Network Application to escalate their privileges.