CVE-2026-54400: A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device
A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.
Metrics
- CVSS v3.1
- 9.1
- Severity
- CRITICAL
- Fixed in
- 4.2.29
- Affected Products
- 1
HarborGuard Analysis
Synopsis
An improper access control vulnerability in the Ubiquiti UniFi Access Application allows a network-reachable attacker with high privileges to escalate those privileges on the host device. The vulnerability is reachable over the network, requires an existing high-privilege account, and needs no victim interaction to exploit. Successful exploitation gives the attacker full control over the host, including reading, modifying, and disrupting all data and services on that system. A patched-image rebuild at version 4.2.29 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-54400 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the UniFi Access Application. Any image running a version below 4.2.29 will surface as affected.
AvailableHarborGuard scores this CVE at CVSS 9.1 (Critical) and weights it against each environment's compliance policy to determine routing urgency. Findings are routed to the appropriate team inbox within each customer org based on configured ownership rules for the affected image or workload.
AvailableA patched-image rebuild at UniFi Access Application version 4.2.29 becomes available on HarborGuard once the upstream fix is confirmed in the advisory record. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.
AvailableExploit Conditions
- Network reachabilityRequired
The attacker must reach the UniFi Access Application service over the network; it is not exploitable from a purely local or physical position.
- AuthenticationRequired
An admin-level or otherwise high-privilege account is required before the access control flaw can be triggered.
- Victim interactionNot required
No action from another user or administrator is needed; the attacker can trigger the exploit entirely on their own.
- Attack complexityDetail
Exploitation is reliable and condition-free, with no race conditions or special environmental factors required.
Blast Radius
- The attacker gains elevated privileges on the host device, allowing execution of arbitrary commands as a higher-privileged user or process.
- All data accessible on the host is exposed for reading, including credentials, configuration files, and stored access-control records.
- The attacker can modify persisted configuration, user data, and access policies stored on the host.
- The attacker can crash or disable the UniFi Access Application and any co-located services on the host, disrupting physical access control operations.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-54400 is active across all connected registries and CI pipelines, matching images that bundle UniFi Access Application versions below 4.2.29. Given the Critical severity rating (CVSS 9.1) and the scope-changed impact across confidentiality, integrity, and availability, this CVE is prioritized at the top of triage queues under default compliance policies. Where compliance policy permits, a patched-image rebuild at version 4.2.29 is queued automatically; for customers who opt into auto-remediation, HarborGuard rebuilds the image, runs regression tests, and opens a PR against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for Critical-severity issues in auto-remediation-enabled environments. Customers who manage remediation manually will find the finding surfaced in their HarborGuard dashboard with fix-version detail and affected image inventory included.
Fix available
- Ubiquiti Inc / UniFi Access Application< 4.2.29 (from 0)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H