CVE-2026-48610_CVE-2026-48610

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Basic Information

ID CVE-2026-48610

Source hackerone

Published Jun 12, 2026 at 02:27

Affected Product

Vendor Ubiquiti Inc

Product UDM

Affected Versions Ubiquiti Inc UDM 0
Ubiquiti Inc UDM-Pro 0
Ubiquiti Inc UDM-SE 0
Ubiquiti Inc UDM-Pro-Max 0
Ubiquiti Inc UDM-Beast 0
Ubiquiti Inc EFG 0
Ubiquiti Inc UDW 0
Ubiquiti Inc UDR 0
Ubiquiti Inc UDR7 0
Ubiquiti Inc UDR-5G 0
Ubiquiti Inc Express 7 0
Ubiquiti Inc UCG-Ultra 0
Ubiquiti Inc UCG-Max 0
Ubiquiti Inc UCG-Fiber 0
Ubiquiti Inc UCG-Industrial 0

CWE Classification

CWE-284

References

community.ui.com /releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

{
    "lastseen": "",
    "description": "Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.",
    "published": "2026-06-12T02:27:43.468Z",
    "modified": "2026-06-12T02:27:43.468Z",
    "type": "cve",
    "title": "CVE-2026-48610",
    "source": "hackerone",
    "references": "https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a",
    "id": "CVE-2026-48610",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Ubiquiti Inc UDM 0\nUbiquiti Inc UDM-Pro 0\nUbiquiti Inc UDM-SE 0\nUbiquiti Inc UDM-Pro-Max 0\nUbiquiti Inc UDM-Beast 0\nUbiquiti Inc EFG 0\nUbiquiti Inc UDW 0\nUbiquiti Inc UDR 0\nUbiquiti Inc UDR7 0\nUbiquiti Inc UDR-5G 0\nUbiquiti Inc Express 7 0\nUbiquiti Inc UCG-Ultra 0\nUbiquiti Inc UCG-Max 0\nUbiquiti Inc UCG-Fiber 0\nUbiquiti Inc UCG-Industrial 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UDM",
    "version": "0",
    "vendor": "Ubiquiti Inc",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}