PatchSiren cyber security CVE debrief
CVE-2026-48610 Ubiquiti Inc CVE debrief
CVE-2026-48610 is a HIGH-severity vulnerability (CVSS Score: 8.1) affecting certain devices running UniFi OS. An Improper Access Control vulnerability allows a malicious actor with network access to make unauthorized changes to UniFi OS devices under specific network configurations.
- Vendor: Ubiquiti Inc
- Product: UDM
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Administrators and users of UniFi OS devices should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-284: Improper Access Control.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as possible.
- Review and update network configurations to minimize the attack surface.
- Monitor UniFi OS devices for suspicious activity.
Evidence notes
The CVE record was published on 2026-06-12T04:17:06.803Z and modified on 2026-06-12T16:10:10.070Z. The vendor is listed as Unknown Vendor, but evidence suggests a potential link to Ui.
Official resources
- CVE-2026-48610 CVE record (CVE.org)
- CVE-2026-48610 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-48610 was published on 2026-06-12T04:17:06.803Z.