Filtered by vendor Ubiquiti Subscriptions
Filtered by product Unifi Network Application Subscriptions
Total 12 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-54405 1 Ubiquiti 1 Unifi Network Application 2026-07-02 7.5 High
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.
CVE-2026-54406 1 Ubiquiti 1 Unifi Network Application 2026-07-02 8.7 High
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
CVE-2026-56842 1 Ubiquiti 1 Unifi Network Application 2026-07-02 7.5 High
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
CVE-2026-55114 1 Ubiquiti 1 Unifi Network Application 2026-07-02 8.8 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2026-55118 1 Ubiquiti 1 Unifi Network Application 2026-07-02 8.3 High
A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2026-22557 1 Ubiquiti 1 Unifi Network Application 2026-06-24 10 Critical
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2024-27981 1 Ubiquiti 1 Unifi Network Application 2026-04-15 9.8 Critical
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later.
CVE-2024-42028 1 Ubiquiti 1 Unifi Network Application 2026-04-15 8.8 High
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
CVE-2025-24292 1 Ubiquiti 1 Unifi Network Application 2026-04-15 N/A
A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
CVE-2026-22558 1 Ubiquiti 1 Unifi Network Application 2026-03-20 7.7 High
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
CVE-2023-28365 3 Linux, Ubiquiti, Ui 3 Linux Kernel, Unifi Network Application, Unifi Network Application 2024-12-12 9.1 Critical
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
CVE-2024-42025 2 Ubiquiti, Ui 2 Unifi Network Application, Unifi Network Application 2024-09-28 7.8 High
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.