ГлавнаяУязвимости → CVE-2026-54404
8.8высокая

CVE-2026-54404

Описание

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.

Затрагиваемое ПО
Ui Unifi dream machine beast firmwareUi Unifi dream machine beastUi Enterprise fortress gateway firmwareUi Enterprise fortress gatewayUi Unifi dream router firmwareUi Unifi dream routerUi Unifi dream wall firmwareUi Unifi dream wallUi Unifi dream router 7 firmwareUi Unifi dream router 7Ui Unifi express 7 firmwareUi Unifi express 7Ui Unifi cloudkey firmwareUi Unifi cloudkeyUi Unifi cloud key plus firmwareUi Unifi cloud key plusUi Unifi cloudkey enterprise firmwareUi Unifi cloudkey enterpriseUi Unifi network video recorder firmwareUi Unifi network video recorderUi Unifi network video recorder pro firmwareUi Unifi network video recorder proUi Unifi network video recorder instant firmwareUi Unifi network video recorder instantUi Enterprise network video recorder firmware
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc