CVE-2026-48610

Summary

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUDM0 < 5.1.15affected
Ubiquiti IncUDM-Pro0 < 5.1.15affected
Ubiquiti IncUDM-SE0 < 5.1.15affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.15affected
Ubiquiti IncUDM-Beast0 < 5.1.15affected
Ubiquiti IncEFG0 < 5.1.15affected
Ubiquiti IncUDW0 < 5.1.15affected
Ubiquiti IncUDR0 < 5.1.15affected
Ubiquiti IncUDR70 < 5.1.15affected
Ubiquiti IncUDR-5G0 < 5.1.15affected
Ubiquiti IncExpress 70 < 5.1.15affected
Ubiquiti IncUCG-Ultra0 < 5.1.15affected
Ubiquiti IncUCG-Max0 < 5.1.15affected
Ubiquiti IncUCG-Fiber0 < 5.1.15affected
Ubiquiti IncUCG-Industrial0 < 5.1.15affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References