PatchSiren cyber security CVE debrief
CVE-2026-54404 Ubiquiti Inc CVE debrief
CVE-2026-54404 is an authenticated SQL injection vulnerability in UniFi OS. A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. The vulnerability has a CVSS score of 8.8 and a severity of HIGH. Administrators and users of UniFi OS devices or instances should be aware of this vulnerability and take necessary actions to mitigate it.
- Vendor
- Ubiquiti Inc
- Product
- UniFi OS Server
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of UniFi OS devices or instances should be aware of this vulnerability and take necessary actions to mitigate it. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability is caused by a series of authenticated SQL Injection vulnerabilities found in UniFi OS. A malicious actor with access to the network and low privileges could exploit this vulnerability to escalate privileges within such UniFi OS devices or instances.
Defensive priority
High priority should be given to patching or mitigating this vulnerability as it can be exploited by a malicious actor with low privileges. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Recommended defensive actions
- Apply patches or updates provided by the vendor
- Restrict access to UniFi OS devices or instances
- Monitor for suspicious activity
- Implement compensating controls
- Verify and inventory affected systems
Evidence notes
The CVE record was published on 2026-07-02T15:17:04.060Z and was last modified on 2026-07-10T02:48:50.627Z. The NVD entry is currently Analyzed. The vulnerability affects UniFi OS devices or instances. Administrators should verify the affected systems and review vendor guidance.
Official resources
-
CVE-2026-54404 CVE record
CVE.org
-
CVE-2026-54404 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:04.060Z and has not been modified since then. The NVD entry is currently Analyzed.