HarborGuard Database

Severity: HIGH | CVE-2026-48610 | Published: 2026-06-12 | CNA: hackerone

CVE-2026-48610: Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Metrics

  • CVSS v3.1: 8.1
  • Severity: HIGH
  • Fixed in: 5.1.15
  • Affected Products: 15

HarborGuard Analysis

Synopsis

An improper access control vulnerability in Ubiquiti UniFi OS allows a network-adjacent attacker to make unauthorized changes to affected devices without any authentication. The vulnerability is reachable over the network but requires specific network conditions to exploit, as indicated by the high attack complexity rating. Successful exploitation gives the attacker full read, write, and availability impact over the device. A patched-image rebuild at version 5.1.15 is available on HarborGuard for environments running an affected UniFi OS version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-48610 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of its publication on 2026-06-12, including custom-built images that bundle UniFi OS components. HarborGuard ingests from upstream advisory feeds continuously, so any image carrying an affected UniFi OS version below 5.1.15 is flagged automatically.

Triage: Available

Triage is available with the full CVSS v3.1 score of 8.1 (HIGH) surfaced alongside each finding, weighted further against each customer organization's compliance policy to reflect their specific risk tolerance. Findings are routed to the appropriate team inbox within each customer org based on image ownership and severity thresholds configured in that environment.

Patch: Available

A patched-image rebuild at UniFi OS version 5.1.15 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the UniFi OS device over the network; exposure to any network path the device listens on is sufficient to attempt exploitation.

  • Authentication: Not required

    No credentials or account are needed; the vulnerability is exploitable by an unauthenticated attacker.

  • Victim interaction: Not required

    No user action or social engineering is required; the attacker operates entirely without victim participation.

  • Attack complexity: High

    Exploitation depends on specific network conditions being present, such as particular routing or configuration states, making reliable exploitation conditional on environmental factors the attacker may need to observe or induce.

Blast Radius

  • A successful attacker reads sensitive configuration data and credentials stored on the UniFi OS device.
  • A successful attacker writes arbitrary configuration changes to the device, including altering network routing rules, firewall policies, or administrative accounts.
  • A successful attacker can crash or otherwise disrupt the UniFi OS device, taking it offline and cutting network connectivity for downstream users.
  • Because the device acts as a network controller, unauthorized changes can propagate misconfiguration or access to other devices managed by the compromised UniFi OS instance.

How HarborGuard Handles This

Available on HarborGuard: detection of CVE-2026-48610 runs against all customer images on each ingest cycle, covering both public base images and internally built images that include UniFi OS. Where an affected version (below 5.1.15) is identified, a patched rebuild targeting version 5.1.15 is made available immediately. For customers with auto-remediation enabled, HarborGuard triggers the rebuild, executes regression tests against the patched image, and opens a pull request against affected workloads; for high-severity issues the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is surfaced with its 8.1 HIGH score and routed to the relevant team for manual review and upgrade scheduling.

Fix available: 5.1.15

Affected packages
  • Ubiquiti Inc / UDM
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDM-Pro
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDM-SE
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDM-Pro-Max
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDM-Beast
    < 5.1.15 (from 0)
  • Ubiquiti Inc / EFG
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDW
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDR
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDR7
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UDR-5G
    < 5.1.15 (from 0)
  • Ubiquiti Inc / Express 7
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UCG-Ultra
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UCG-Max
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UCG-Fiber
    < 5.1.15 (from 0)
  • Ubiquiti Inc / UCG-Industrial
    < 5.1.15 (from 0)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H