Description
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).



Affected Products:

UniFi Protect Application (Version 6.1.79 and earlier).



Mitigation:

Update your UniFi Protect Application to Version 6.2.72 or later.
Published: 2026-01-05
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Device Access
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a flaw in the discovery protocol of the UniFi Protect Application version 6.1.79 and earlier. An attacker who can reach the camera on the same or adjacent local network can send crafted discovery packets that bypass authentication, allowing the attacker to view camera streams or gain control of the camera device. This represents an authentication bypass weakness (CWE-287).

Affected Systems

Ubiquiti Inc's UniFi Protect Application, v6.1.79 or earlier.

Risk and Exploitability

A CVSS score of 8.8 indicates high severity, while an EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to be on the camera’s local network vicinity. Once reached, the attacker can access the camera’s services without proper credentials, enabling privacy or operational compromise. The lack of external remote access conditions reduces the likelihood of widespread infection but still poses a serious risk to networks that allow local discovery traffic.

Generated by OpenCVE AI on April 18, 2026 at 08:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the UniFi Protect Application to version 6.2.72 or later.
  • Segregate the UniFi Protect devices into a separate VLAN or apply firewall rules so that only trusted, authenticated devices can use the discovery protocol.
  • Monitor network traffic for abnormal discovery requests and investigate suspicious activity.

Generated by OpenCVE AI on April 18, 2026 at 08:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Camera Access via Discovery Protocol in UniFi Protect

Fri, 30 Jan 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Ui
Ui unifi Protect
CPEs cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*
Vendors & Products Ui
Ui unifi Protect

Tue, 06 Jan 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti protect Application
Vendors & Products Ubiquiti
Ubiquiti protect Application

Tue, 06 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 05 Jan 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287

Mon, 05 Jan 2026 17:00:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ubiquiti Protect Application
Ui Unifi Protect
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-01-05T21:03:40.183Z

Reserved: 2026-01-01T15:00:02.338Z

Link: CVE-2026-21633

cve-icon Vulnrichment

Updated: 2026-01-05T21:03:30.008Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-05T17:15:47.133

Modified: 2026-01-30T01:23:38.587

Link: CVE-2026-21633

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T08:30:35Z

Weaknesses