{
    "document": {
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "nl",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            },
            {
                "category": "description",
                "text": "Ubiquiti Networks heeft kwetsbaarheden verholpen in verschillende UniFi-producten, waaronder UniFi Connect Application, UniFi Talk Application, UniFi Access Application, UniFi OS, UniFi Network Application en UniFi Protect Application.",
                "title": "Feiten"
            },
            {
                "category": "description",
                "text": "De kwetsbaarheden betreffen meerdere UniFi-producten en omvatten command injection, SQL-injectie, improper input validation, improper access control, server-side request forgery (SSRF), path traversal, authenticatie-bypass en persistent privilege escalation. Aanvallers met netwerktoegang, soms met beperkte privileges en soms na authenticatie, kunnen hierdoor onder meer willekeurige commando's uitvoeren, privileges escaleren, bestanden lezen of wijzigen, authenticatie omzeilen, en Denial of Service (DoS) veroorzaken. Sommige kwetsbaarheden vereisen gebruikersinteractie, zoals het bezoeken van een kwaadaardige website, terwijl andere direct via netwerktoegang kunnen worden misbruikt. De kwetsbaarheden zijn aanwezig in applicaties en platformen die gebruikt worden voor netwerkbeheer, toegangscontrole, video surveillance en beveiligingsmonitoring binnen de UniFi-productlijn.",
                "title": "Interpretaties"
            },
            {
                "category": "description",
                "text": "Ubiquiti Networks heeft updates uitgebracht om de kwetsbaarheden in de UniFi-producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
                "title": "Oplossingen"
            },
            {
                "category": "general",
                "text": "medium",
                "title": "Kans"
            },
            {
                "category": "general",
                "text": "high",
                "title": "Schade"
            },
            {
                "category": "general",
                "text": "Improper Input Validation",
                "title": "CWE-20"
            },
            {
                "category": "general",
                "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                "title": "CWE-22"
            },
            {
                "category": "general",
                "text": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                "title": "CWE-89"
            },
            {
                "category": "general",
                "text": "Improper Access Control",
                "title": "CWE-284"
            },
            {
                "category": "general",
                "text": "Improper Initialization",
                "title": "CWE-665"
            },
            {
                "category": "general",
                "text": "Incorrect Authorization",
                "title": "CWE-863"
            },
            {
                "category": "general",
                "text": "Server-Side Request Forgery (SSRF)",
                "title": "CWE-918"
            },
            {
                "category": "general",
                "text": "Permissive Cross-domain Security Policy with Untrusted Domains",
                "title": "CWE-942"
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "Nationaal Cyber Security Centrum",
            "namespace": "https://www.ncsc.nl/"
        },
        "references": [
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
        ],
        "title": "Kwetsbaarheden verholpen in UniFi-producten van Ubiquiti Networks",
        "tracking": {
            "current_release_date": "2026-07-07T07:04:45.729162Z",
            "generator": {
                "date": "2025-08-04T16:30:00Z",
                "engine": {
                    "name": "V.A.",
                    "version": "1.3"
                }
            },
            "id": "NCSC-2026-0221",
            "initial_release_date": "2026-07-07T07:04:45.729162Z",
            "revision_history": [
                {
                    "date": "2026-07-07T07:04:45.729162Z",
                    "number": "1.0.0",
                    "summary": "Initiele versie"
                }
            ],
            "status": "final",
            "version": "1.0.0"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-1"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Cloud Gateways"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-2"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Cloud Keys"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-3"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Dream Machines"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-4"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Dream Routers"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-5"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Dream Wall"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-6"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Enterprise Firewall Core"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-7"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Enterprise Fortress Gateway"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-8"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Enterprise Video Recorders"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-9"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Express 7"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-10"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Network Attached Storage"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-11"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Network Video Recorders"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-12"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "UniFi Access Application"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-13"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "UniFi Connect Application"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-14"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "UniFi OS Server"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-15"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "UniFi Protect Floodlight"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-16"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "UniFi Talk Application"
                    }
                ],
                "category": "vendor",
                "name": "Ubiquiti Inc"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-50746",
            "notes": [
                {
                    "category": "description",
                    "text": "A vulnerability in the UniFi Connect Application allows a malicious actor with network access to perform command injection on the host device due to improper access control.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-50746 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50746.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 10.0,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-50746"
        },
        {
            "cve": "CVE-2026-50747",
            "cwe": {
                "id": "CWE-89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                    "title": "CWE-89"
                },
                {
                    "category": "description",
                    "text": "A low-privilege attacker on the network can exploit authenticated SQL Injection vulnerabilities in the UniFi Talk Application to escalate privileges on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-50747 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50747.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-50747"
        },
        {
            "cve": "CVE-2026-50748",
            "notes": [
                {
                    "category": "description",
                    "text": "A low-privilege network attacker can exploit an Improper Input Validation vulnerability in the UniFi Access Application to perform command injection on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-50748 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-50748.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-50748"
        },
        {
            "cve": "CVE-2026-54400",
            "notes": [
                {
                    "category": "description",
                    "text": "An Improper Access Control vulnerability in the UniFi Access Application allows a high-privilege network attacker to escalate privileges on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54400 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54400.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.1,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54400"
        },
        {
            "cve": "CVE-2026-54401",
            "cwe": {
                "id": "CWE-918",
                "name": "Server-Side Request Forgery (SSRF)"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Server-Side Request Forgery (SSRF)",
                    "title": "CWE-918"
                },
                {
                    "category": "description",
                    "text": "A low-privileged attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in UniFi OS devices to escalate privileges and gain unauthorized access.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54401 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54401.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                        "baseScore": 7.7,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54401"
        },
        {
            "cve": "CVE-2026-54402",
            "notes": [
                {
                    "category": "description",
                    "text": "A low-privilege network attacker can exploit an Improper Input Validation vulnerability in UniFi OS to perform command injection on the host device, potentially compromising system integrity.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54402 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54402.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54402"
        },
        {
            "cve": "CVE-2026-54403",
            "cwe": {
                "id": "CWE-22",
                "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                    "title": "CWE-22"
                },
                {
                    "category": "description",
                    "text": "A Path Traversal vulnerability in certain UniFi OS devices enables a malicious actor with network access to bypass authentication mechanisms, potentially compromising device security.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54403 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54403.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                        "baseScore": 8.6,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54403"
        },
        {
            "cve": "CVE-2026-54404",
            "cwe": {
                "id": "CWE-89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                    "title": "CWE-89"
                },
                {
                    "category": "description",
                    "text": "Authenticated SQL Injection vulnerabilities in UniFi OS allow low-privilege network actors to escalate privileges on affected devices or instances.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54404 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54404.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 8.8,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54404"
        },
        {
            "cve": "CVE-2026-54405",
            "notes": [
                {
                    "category": "description",
                    "text": "A vulnerability in the UniFi Network Application allows a malicious actor with network access to cause a Denial of Service (DoS) attack via improper input validation.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54405 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54405.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54405"
        },
        {
            "cve": "CVE-2026-54406",
            "cwe": {
                "id": "CWE-22",
                "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                    "title": "CWE-22"
                },
                {
                    "category": "description",
                    "text": "A Path Traversal vulnerability in self-hosted UniFi Network Application instances enables a high-privilege malicious actor on the network to escalate write permissions on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54406 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54406.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
                        "baseScore": 8.7,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54406"
        },
        {
            "cve": "CVE-2026-54407",
            "notes": [
                {
                    "category": "description",
                    "text": "A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication on specific API endpoints due to improper access control.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54407 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54407.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                        "baseScore": 8.6,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54407"
        },
        {
            "cve": "CVE-2026-54408",
            "notes": [
                {
                    "category": "description",
                    "text": "A vulnerability in the UniFi Protect Application enables a malicious actor with network access to bypass authentication and stream data without authorization.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54408 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54408.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                        "baseScore": 8.6,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54408"
        },
        {
            "cve": "CVE-2026-54409",
            "notes": [
                {
                    "category": "description",
                    "text": "A vulnerability in the UniFi Protect Application allows a malicious actor with network access to bypass authentication on UniFi Protect Cameras due to improper initialization, potentially compromising device security.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-54409 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-54409.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-54409"
        },
        {
            "cve": "CVE-2026-55110",
            "cwe": {
                "id": "CWE-942",
                "name": "Permissive Cross-domain Security Policy with Untrusted Domains"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Permissive Cross-domain Security Policy with Untrusted Domains",
                    "title": "CWE-942"
                },
                {
                    "category": "description",
                    "text": "A CORS misconfiguration in UniFi OS allows attackers to exploit authenticated user sessions by luring users to malicious pages, enabling unauthorized actions.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55110 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55110.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55110"
        },
        {
            "cve": "CVE-2026-55111",
            "cwe": {
                "id": "CWE-22",
                "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                    "title": "CWE-22"
                },
                {
                    "category": "description",
                    "text": "A Path Traversal vulnerability in UniFi Protect Floodlight devices allows a malicious actor with network access to retrieve arbitrary files from the device, posing a significant security risk.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55111 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55111.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55111"
        },
        {
            "cve": "CVE-2026-55112",
            "notes": [
                {
                    "category": "description",
                    "text": "A low-privilege attacker on the network can exploit an Improper Access Control vulnerability in UniFi OS with the UniFi Protect Application to escalate privileges on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55112 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55112.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55112"
        },
        {
            "cve": "CVE-2026-55113",
            "cwe": {
                "id": "CWE-918",
                "name": "Server-Side Request Forgery (SSRF)"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Server-Side Request Forgery (SSRF)",
                    "title": "CWE-918"
                },
                {
                    "category": "description",
                    "text": "A Server-Side Request Forgery (SSRF) vulnerability in the UniFi Talk Application allows attackers with network access to bypass authentication and execute Denial of Service (DoS) attacks on specific API endpoints.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55113 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55113.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55113"
        },
        {
            "cve": "CVE-2026-55114",
            "notes": [
                {
                    "category": "description",
                    "text": "An Improper Access Control vulnerability in the UniFi Network Application allows a low-privileged malicious actor on the network to escalate their privileges.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55114 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55114.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 8.8,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55114"
        },
        {
            "cve": "CVE-2026-55115",
            "cwe": {
                "id": "CWE-918",
                "name": "Server-Side Request Forgery (SSRF)"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Server-Side Request Forgery (SSRF)",
                    "title": "CWE-918"
                },
                {
                    "category": "description",
                    "text": "A low-privilege network attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in the UniFi Protect Application to escalate privileges on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55115 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55115.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55115"
        },
        {
            "cve": "CVE-2026-55116",
            "notes": [
                {
                    "category": "description",
                    "text": "A vulnerability in certain UniFi OS devices permits a malicious actor with network access to perform unauthorized configuration changes due to insufficient access control mechanisms.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55116 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55116.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.0,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55116"
        },
        {
            "cve": "CVE-2026-55117",
            "cwe": {
                "id": "CWE-22",
                "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                    "title": "CWE-22"
                },
                {
                    "category": "description",
                    "text": "A Path Traversal vulnerability in the UniFi Access Application allows a malicious actor with network access to retrieve arbitrary files from the host device, posing a significant security risk.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55117 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55117.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                        "baseScore": 8.6,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55117"
        },
        {
            "cve": "CVE-2026-55118",
            "notes": [
                {
                    "category": "description",
                    "text": "A low-privilege attacker on the network can exploit an Improper Access Control vulnerability in the UniFi Network Application to escalate their privileges.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55118 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55118.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
                        "baseScore": 8.3,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55118"
        },
        {
            "cve": "CVE-2026-55119",
            "notes": [
                {
                    "category": "description",
                    "text": "A low-privilege attacker can exploit an Improper Access Control vulnerability in the UniFi Talk Application to escalate privileges within the application.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-55119 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-55119.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                        "baseScore": 8.1,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-55119"
        },
        {
            "cve": "CVE-2026-56841",
            "cwe": {
                "id": "CWE-89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                    "title": "CWE-89"
                },
                {
                    "category": "description",
                    "text": "An authenticated SQL Injection vulnerability in the UniFi Protect Application allows a low-privilege network user to escalate privileges on the host device.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56841 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56841.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 8.8,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-56841"
        },
        {
            "cve": "CVE-2026-56842",
            "cwe": {
                "id": "CWE-863",
                "name": "Incorrect Authorization"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Incorrect Authorization",
                    "title": "CWE-863"
                },
                {
                    "category": "description",
                    "text": "A vulnerability in the UniFi Network Application enables a malicious actor with network access to retain elevated privileges even after their access has been revoked.",
                    "title": "Summary"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1",
                    "CSAFPID-2",
                    "CSAFPID-3",
                    "CSAFPID-4",
                    "CSAFPID-5",
                    "CSAFPID-6",
                    "CSAFPID-7",
                    "CSAFPID-8",
                    "CSAFPID-9",
                    "CSAFPID-10",
                    "CSAFPID-11",
                    "CSAFPID-12",
                    "CSAFPID-13",
                    "CSAFPID-14",
                    "CSAFPID-15",
                    "CSAFPID-16"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56842 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56842.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1",
                        "CSAFPID-2",
                        "CSAFPID-3",
                        "CSAFPID-4",
                        "CSAFPID-5",
                        "CSAFPID-6",
                        "CSAFPID-7",
                        "CSAFPID-8",
                        "CSAFPID-9",
                        "CSAFPID-10",
                        "CSAFPID-11",
                        "CSAFPID-12",
                        "CSAFPID-13",
                        "CSAFPID-14",
                        "CSAFPID-15",
                        "CSAFPID-16"
                    ]
                }
            ],
            "title": "CVE-2026-56842"
        }
    ]
}