CVE-2026-56841
HIGH
8.8
CVSS 3.1
Description
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
Metadata
Severity & Metrics
8.8
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Ubiquiti Inc | UniFi Protect Application | — | 0 < 7.1.83 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-89 | cna | CWE-89 SQL Injection |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.8 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (1)