Ubiquiti patches security flaws in UniFi Protect camera software
Take action: If you are using UniFi Protect Application, plan a quick update. And as usual, make sure all cameras and camera controllers are isolated from the internet and accessible from trusted networks only. Use VLANs to separate your security cameras from guest or general-purpose networks.
Ubiquiti released security updates for its UniFi Protect Application to fix two flaws in the discovery protocol. These bugs allow attackers on the same local network to take over cameras or crash the management software.
Vulnerability summary:
- CVE-2026-21633 (CVSS score 8.8) - A discovery protocol flaw that allows attackers on an adjacent network to gain unauthorized access to UniFi Protect cameras. By sending specific packets through the discovery protocol, an attacker can view camera streams or change settings without a password. This flaw affects any setup where an attacker can reach the local network segment, such as a shared office network or a compromised guest Wi-Fi.
- CVE-2026-21634 (CVSS score 6.5) - A protocol overflow vulnerability that lets attackers force the UniFi Protect Application to restart, causing a denial-of-service.
The company has not shared technical details on how to exploit the bugs.
The vulnerabilities impact UniFi Protect Application versions 6.1.79 and earlier.
Users should update to version 6.2.72 or later. Administrators can check their controller versions immediately to ensure they are running the patched software. Because the attacks happen from the "adjacent network," network segmentation is a key mitigation measure.
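A version triage against the two version numbers stated above, as an added example that is not from Ubiquiti or the original article. The host names and version strings in the inventory are constructed, and how the versions are collected from each controller is left out. Versions that fall between 6.1.79 and 6.2.72 are reported separately because the article does not state their status.

```python
import re

LAST_AFFECTED = (6, 1, 79)  # article: "versions 6.1.79 and earlier" are impacted
FIRST_FIXED = (6, 2, 72)    # article: "update to version 6.2.72 or later"

def parse_version(text):
    """Return (major, minor, patch) from '6.1.79' or 'v6.2.72-beta', else None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text):
    """Map a version string to vulnerable / patched / unlisted / unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # unparseable: check this host by hand
    if v <= LAST_AFFECTED:    # numeric tuple compare, so 6.10.x > 6.2.x
        return "vulnerable"
    if v >= FIRST_FIXED:
        return "patched"
    return "unlisted"         # between the two versions; status not stated

def triage(inventory):
    """Group host names by status, keeping inventory order within each group."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(classify(version_text), []).append(host)
    return report

# Constructed sample inventory: (hypothetical host name, reported version).
INVENTORY = [
    ("nvr-lobby", "6.1.79"),
    ("nvr-warehouse", "6.2.72"),
    ("nvr-lab", "6.2.10"),
    ("nvr-branch", "5.3.48"),
    ("nvr-annex", "v6.10.3"),
    ("nvr-old", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status:10} {', '.join(hosts)}")
```

Treat both `vulnerable` and `unlisted` hosts as update candidates, and keep them on a segmented camera network until they run 6.2.72 or later.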