PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54404 Ubiquiti Inc CVE debrief

CVE-2026-54404 is an authenticated SQL injection vulnerability in UniFi OS. A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. The vulnerability has a CVSS score of 8.8 and a severity of HIGH. Administrators and users of UniFi OS devices or instances should be aware of this vulnerability and take necessary actions to mitigate it.

Vendor
Ubiquiti Inc
Product
UniFi OS Server
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-10
Advisory published
2026-07-02
Advisory updated
2026-07-10

Who should care

Administrators and users of UniFi OS devices or instances should be aware of this vulnerability and take necessary actions to mitigate it. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability is caused by a series of authenticated SQL Injection vulnerabilities found in UniFi OS. A malicious actor with access to the network and low privileges could exploit this vulnerability to escalate privileges within such UniFi OS devices or instances.

Defensive priority

High priority should be given to patching or mitigating this vulnerability as it can be exploited by a malicious actor with low privileges. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Recommended defensive actions

  • Apply patches or updates provided by the vendor
  • Restrict access to UniFi OS devices or instances
  • Monitor for suspicious activity
  • Implement compensating controls
  • Verify and inventory affected systems

Evidence notes

The CVE record was published on 2026-07-02T15:17:04.060Z and was last modified on 2026-07-10T02:48:50.627Z. The NVD entry is currently Analyzed. The vulnerability affects UniFi OS devices or instances. Administrators should verify the affected systems and review vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:04.060Z and has not been modified since then. The NVD entry is currently Analyzed.