Ubiquiti disclosed two significant vulnerabilities in its UniFi Protect Application, affecting versions 6.1.79 and earlier. The first, CVE-2026-21633, is an improper authentication vulnerability in the discovery protocol that allows a network-adjacent, unauthenticated attacker to gain unauthorized access to UniFi Protect cameras. The second, CVE-2026-21634, is a buffer overflow vulnerability in the same protocol, which can be exploited to cause a denial-of-service (DoS) condition by restarting the application. Both vulnerabilities require the attacker to be on the same network segment as the target device.
The vulnerabilities have been rated high (CVSS 8.8) and medium (CVSS 6.5) respectively, and users are strongly advised to upgrade to UniFi Protect Application version 6.2.72 or later to mitigate the risks. Exploitation of these flaws could result in unauthorized surveillance access or disruption of video management services. Asset discovery tools can be used to identify potentially vulnerable systems within an organization’s network for prompt remediation.

4 events from the most recent confirmed update back to the earliest known activity.
On January 6, 2026, runZero published analysis and asset discovery guidance covering Ubiquiti's recently disclosed UniFi Protect vulnerabilities, including CVE-2026-21633 and CVE-2026-21634. The post provided inventory queries to help organizations find exposed or vulnerable systems on their networks.
On January 5, 2026, CVE-2026-21633 was publicly reported as a high-severity authentication bypass in the UniFi Protect Application's camera discovery protocol. The vulnerability allows unauthenticated attackers on the adjacent network to gain unauthorized access to UniFi Protect cameras.
Ubiquiti released UniFi Protect Application version 6.2.72 to fix vulnerabilities in the camera discovery protocol affecting versions 6.1.79 and earlier, including CVE-2026-21633. The flaws could allow adjacent-network attackers to bypass authentication and access cameras; they also include CVE-2026-21634, a denial-of-service issue.
In May 2025, Ubiquiti disclosed CVE-2025-23123, a critical unauthenticated code execution vulnerability affecting UniFi Protect IP cameras via the management network. The issue was addressed in firmware version 4.75.62 or later.
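
As an added example (not from Ubiquiti, runZero, or the original page), the version boundaries stated above can be applied to an asset inventory export. The CSV layout, host names, and the `protect-app` / `camera-fw` product labels are constructed for illustration; releases between 6.1.79 and 6.2.72 are not classified by the text above, so the script reports them separately instead of assuming they are safe.

```python
import csv
import io
import re

# Version boundaries taken from the text above.
APP_LAST_AFFECTED = (6, 1, 79)  # UniFi Protect Application: this and earlier are affected
APP_FIXED = (6, 2, 72)          # release fixing CVE-2026-21633 / CVE-2026-21634
CAM_FIXED = (4, 75, 62)         # camera firmware fix for CVE-2025-23123

# Constructed sample inventory; column names and product labels are assumptions.
SAMPLE = """host,product,version
nvr-01,protect-app,6.1.79
nvr-02,protect-app,6.2.72
nvr-03,protect-app,v6.2.10
nvr-04,protect-app,unknown
cam-01,camera-fw,4.74.106
cam-02,camera-fw,4.75.62
"""

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not a dotted triple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version):
    v = parse_version(version)
    if v is None:
        return "unknown-version"          # cannot decide from inventory data alone
    if product == "protect-app":
        if v <= APP_LAST_AFFECTED:
            return "affected"
        if v < APP_FIXED:
            return "below-fixed-release"  # status not stated above: treat as upgrade needed
        return "fixed"
    if product == "camera-fw":
        return "fixed" if v >= CAM_FIXED else "below-fixed-release"
    return "not-in-scope"

def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples, so a release such as 6.10.0 sorts after 6.2.72 instead of before it as a plain string comparison would.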