Description
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
Published: 2026-03-27
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Credential Theft via MITM
Action: Immediate Patch
AI Analysis

Impact

UniFi Network Controller versions prior to 5.10.22 and 5.11.x prior to 5.11.18 allow adjacent network attackers to bypass certificate verification during SMTP connections. By presenting a false SSL certificate, an attacker can perform a man‑in‑the‑middle attack and capture SMTP credentials. This weakness permits the theft of authentication data used to log into the controller, potentially giving full administrative control. The flaw is an example of CWE‑295, improper certificate validation.

Affected Systems

The vulnerability affects Ubiquiti's UniFi Network Controller. Versions before 5.10.22 and for 5.11.x before 5.11.18 are vulnerable. Network administrators should verify the version of their UniFi Controller installation and consider upgrading if within those ranges.

Risk and Exploitability

The CVSS score of 7.6 indicates a high severity. Exploitation requires proximity to the network carrying the controller’s SMTP traffic; no external attack vector is described. Because the attacker can capture credentials, the impact can lead to full compromise of the controller. The EPSS score is not available and the vulnerability is not currently listed in the CISA KEV catalog. In practice, local attackers who can observe the controller’s SMTP traffic can exploit the flawed certificate validation to retrieve login information. Until patched, the risk remains high for environments that expose the controller over SMTP.

Generated by OpenCVE AI on March 28, 2026 at 05:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UniFi Network Controller to version 5.10.22 or later, or 5.11.18 or later if using the 5.11 branch
  • Verify SSL/TLS settings to ensure the controller uses valid certificates and does not accept self‑signed certificates
  • If SMTP is not required, disable the SMTP functionality or restrict its traffic to trusted networks

Generated by OpenCVE AI on March 28, 2026 at 05:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Network Controller
Vendors & Products Ubiquiti
Ubiquiti unifi Network Controller

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
Title UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ubiquiti Unifi Network Controller
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T13:56:58.156Z

Reserved: 2026-03-26T20:33:10.586Z

Link: CVE-2019-25652

cve-icon Vulnrichment

Updated: 2026-03-30T13:56:48.055Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-27T22:16:19.380

Modified: 2026-03-30T13:26:07.647

Link: CVE-2019-25652

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:59:18Z

Weaknesses