CVE-2026-54400 | Severity: CRITICAL | CNA: hackerone

CVE-2026-54400: A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

Metrics

CVSS v3.1 base score: 9.1
Severity: CRITICAL
Fixed in: 4.2.29
Affected products: 1


HarborGuard Analysis

Synopsis

An improper access control vulnerability in the Ubiquiti UniFi Access Application allows a network-reachable attacker with high privileges to escalate those privileges on the host device. The vulnerability is reachable over the network, requires an existing high-privilege account, and needs no victim interaction to exploit. Successful exploitation gives the attacker full control over the host, including reading, modifying, and disrupting all data and services on that system. A patched-image rebuild at version 4.2.29 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-54400 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the UniFi Access Application. Any image carrying a UniFi Access Application version below 4.2.29 surfaces as affected.
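The version match that detection relies on, as an added example that is not HarborGuard's own matcher: it encodes the affected range the page lists (< 4.2.29, from 0), compares versions numerically rather than as strings, and runs over a constructed image inventory. The image names, the "openssl" entries and the package tuple layout are made up for illustration; only the package name, the fix version and the range notation come from the page.

```python
import re

FIX_VERSION = "4.2.29"          # fix version from the advisory record
AFFECTED_LOWER = "0"            # "< 4.2.29 (from 0)" as listed on this page
PACKAGE = "UniFi Access Application"


def parse_version(v: str) -> tuple:
    """Turn a dotted numeric version into an int tuple with trailing zeros
    dropped, so that 4.2 == 4.2.0 and 4.2.3 < 4.2.29."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unrecognised version string: {v!r}")
    parts = [int(x) for x in v.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version: str, lower: str = AFFECTED_LOWER,
                upper: str = FIX_VERSION) -> bool:
    """Range check with an inclusive lower bound and an exclusive upper bound,
    matching the '< fix (from 0)' notation used for affected packages."""
    return parse_version(lower) <= parse_version(version) < parse_version(upper)


def naive_is_affected(version: str, upper: str = FIX_VERSION) -> bool:
    """The wrong way: plain string comparison. Kept only to show the false
    negative it produces for 4.2.3 versus 4.2.29 ('3' sorts after '2')."""
    return version < upper


# Constructed inventory for the example: image -> list of (package, version).
SAMPLE_INVENTORY = {
    "registry.example/door-controller:prod": [(PACKAGE, "4.2.3")],
    "registry.example/door-controller:canary": [(PACKAGE, "4.2.29")],
    "registry.example/door-controller:next": [(PACKAGE, "4.2.30")],
    "registry.example/legacy-site": [(PACKAGE, "3.3.19"), ("openssl", "3.0.13")],
    "registry.example/unrelated-api": [("openssl", "1.1.1w")],
}


def affected_images(inventory: dict) -> list:
    """Return the image names that bundle an affected UniFi Access Application."""
    hits = []
    for image, packages in inventory.items():
        for name, version in packages:
            if name == PACKAGE and is_affected(version):
                hits.append(image)
                break
    return sorted(hits)


if __name__ == "__main__":
    for image in affected_images(SAMPLE_INVENTORY):
        print("affected:", image)
    # 4.2.3 sorts after 4.2.29 as a string, so the naive check misses it.
    print("naive string check on 4.2.3:", naive_is_affected("4.2.3"))
```

The exclusive upper bound is the detail to get right: 4.2.29 itself is the fixed release and must not match, while 4.2.3 must, which a string comparison gets backwards.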
Triage (Available)

HarborGuard scores this CVE at CVSS 9.1 (Critical) and weights it against each environment's compliance policy to determine routing urgency. Findings are routed to the appropriate team inbox within each customer org based on configured ownership rules for the affected image or workload.
Patch (Available)

A patched-image rebuild at UniFi Access Application version 4.2.29 becomes available on HarborGuard once the upstream fix is confirmed in the advisory record. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the UniFi Access Application service over the network (AV:N); the flaw is not exploitable from a purely local or physical position.

  • Authentication: Required

    An admin-level or otherwise high-privilege account (PR:H) is required before the access control flaw can be triggered.

  • Victim interaction: Not required

    No action from another user or administrator is needed (UI:N); the attacker can trigger the exploit entirely on their own.

  • Attack complexity: Low

    CVSS rates attack complexity as Low (AC:L): no race conditions or special environmental factors outside the attacker's control are required.

Blast Radius

  • The attacker gains elevated privileges on the host device, allowing execution of arbitrary commands as a higher-privileged user or process.
  • All data accessible on the host is exposed for reading, including credentials, configuration files, and stored access-control records.
  • The attacker can modify persisted configuration, user data, and access policies stored on the host.
  • The attacker can crash or disable the UniFi Access Application and any co-located services on the host, disrupting physical access control operations.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-54400 is active across all connected registries and CI pipelines, matching images that bundle UniFi Access Application versions below 4.2.29. Given the Critical severity rating (CVSS 9.1) and the scope-changed impact across confidentiality, integrity, and availability, this CVE is prioritized at the top of triage queues under default compliance policies. Where compliance policy permits, a patched-image rebuild at version 4.2.29 is queued automatically; for customers who opt into auto-remediation, HarborGuard rebuilds the image, runs regression tests, and opens a PR against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for Critical-severity issues in auto-remediation-enabled environments. Customers who manage remediation manually will find the finding surfaced in their HarborGuard dashboard with fix-version detail and affected image inventory included.


Fix available: 4.2.29

Affected packages
  • Ubiquiti Inc / UniFi Access Application, versions < 4.2.29 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H