Top Advisory

Ubiquiti UniFi OS Multiple Vulnerabilities

Severity Level: Critical

Date: 01/07/2026

Ref: CERT-NCSOC-0243

Components Affected

Overview

Multiple vulnerabilities have been identified in Ubiquiti UniFi OS products. An attacker with network access may exploit these vulnerabilities to read files, execute arbitrary commands, and gain complete control of affected devices.

Description

Multiple critical vulnerabilities have been identified in Ubiquiti UniFi OS, affecting UniFi Gateways, Routers, Network Video Recorders (NVRs), and Controller appliances. The vulnerabilities include improper access control, path traversal, and information disclosure flaws that could be exploited by an attacker with network access to the affected devices.

Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions, read sensitive files, execute arbitrary commands, and perform unauthorized administrative actions on vulnerable systems. In certain scenarios, an attacker may be able to gain full control of the affected device, modify configurations, create unauthorized accounts, deploy malicious payloads, or use compromised devices as a pivot point to move laterally within the network.

Ubiquiti has confirmed that these vulnerabilities are being actively exploited in the wild. Organizations using affected UniFi OS products are strongly advised to apply the latest security updates and review their environments for indicators of compromise.

Impact

Solution / Workarounds

Reference

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Footer Advisory