CVE-2026-48610
Published 2026-06-12
Priority: P3 (51), high; CVSS 3.1: 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.26% (17.7th percentile)
Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | express_7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-fiber | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-industrial | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-ultra | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-beast | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-se | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr-5g | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udw | < 5.1.15 | 5.1.15 |
VulDB
CVE-2026-48610 [HIGH] Ubiquiti UDM up to 5.1.14 access control (EUVD-2026-36378 / WID-SEC-2026-1872)
vuldb · 2026-06-14 · CVSS 8.1
A vulnerability, which was classified as critical, was found in Ubiquiti UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCG-Ultra, UCG-Max, UCG-Fiber and UCG-Industrial up to 5.1.14. This affects an unknown part. Such manipulation leads to improper access controls.
This vulnerability is documented as CVE-2026-48610. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
GHSA
CVE-2026-48610 [HIGH] CWE-284
ghsa_unreviewed · 2026-06-12
Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-12: Published