What is CVE-2026-21633?

CVE-2026-21633 is a high-severity vulnerability identified in the UniFi Protect Application. Exploiting this vulnerability allows unauthorized access to nearby UniFi Protect Cameras. Organizations must update immediately to mitigate risks.

What is the severity of CVE-2026-21633?

CVE-2026-21633 has a severity rating of HIGH with a CVSS base score of 8.8.

CVE-2026-21633 | High Vulnerability in UI UniFi Protect

CVE-2026-21633 is a high-severity vulnerability affecting the UniFi Protect Application (Version 6.1.79 and earlier). This vulnerability allows a malicious actor with access to the adjacent network to obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability. The CVSS score for this vulnerability is 8.8, indicating a high level of risk to organizations.

Risk to organizations includes potential unauthorized access to sensitive camera feeds, which could lead to significant privacy violations and security breaches. Given the severity, organizations should prioritize patching immediately.

As of the latest updates, there are no known exploits for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. This makes immediate remediation crucial to prevent future exploitation.

Organizations should update their UniFi Protect Application to Version 6.2.72 or later to mitigate this vulnerability effectively. The importance of prompt action cannot be overstated, considering the potential consequences.

Vulnerability Details

The official CVE description notes that this vulnerability allows unauthorized access to a UniFi Protect Camera through a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). The vulnerability has a CVSS score of 8.8, which classifies it as high severity. The affected product, UniFi Protect Application, should be updated as per the vendor's guidance.

Technical Analysis

The root cause of this vulnerability lies in the discovery protocol that the UniFi Protect Application utilizes, allowing unauthorized access if an attacker is on the adjacent network. The attack vector is classified as 'ADJACENT_NETWORK', and the attack complexity is low. No privileges are required, and user interaction is not necessary to exploit this vulnerability. The impacts on confidentiality, integrity, and availability are all rated as high, indicating a severe risk to the affected systems.

Risk & Impact Analysis

The real-world risk posed by CVE-2026-21633 is significant, particularly for organizations using the UniFi Protect Application in environments where cameras are deployed. The potential for unauthorized access to sensitive footage can have serious implications for privacy and security, heightening the urgency for remediation efforts. Given the high CVSS score, organizations should assess their exposure and prioritize patching as part of their security posture.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of the UniFi Protect Application prior to Version 6.2.72. Organizations must ensure they are running an updated version to mitigate the identified risks.

Mitigation & Remediation

To remediate this vulnerability, organizations should update their UniFi Protect Application to Version 6.2.72 or later. Furthermore, it is advisable to review and implement security best practices regarding network segmentation and monitoring for unauthorized access attempts. Regular security assessments can also help identify potential weaknesses in the deployed systems.

For continuous improvement of security posture, organizations should consider engaging in penetration testing to validate their defenses against similar vulnerabilities.

Detection Guidance

Organizations should monitor logs for anomalies that could indicate unauthorized access attempts, including unusual access patterns to camera feeds. Additionally, behavioral anomalies in user activity should be flagged for further investigation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2026-21633 highlights the ongoing need for robust security practices in connected devices. As IoT devices become more prevalent, the potential for such vulnerabilities increases, underscoring the importance of timely updates and security awareness. Security teams should prioritize understanding the patterns of vulnerabilities and enhance their strategies accordingly, as seen with the UniFi Protect Application's exposure.

Organizations can benefit from a comprehensive security strategy that includes vulnerability management programs to ensure ongoing security and resilience against potential threats.

Furthermore, leveraging insights from security research can guide teams in improving their security posture. For example, adopting best practices in penetration testing methodology can provide critical insights into weaknesses and help prioritize remediation efforts effectively.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-21633: High Vulnerability in UI UniFi Protect