CVE-2026-21633
Published: 05 January 2026
Summary
CVE-2026-21633 is a high-severity Improper Authentication (CWE-287) vulnerability in Ui UniFi Protect. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The vulnerability ranks at the 19.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mandates timely identification, reporting, and correction of the improper authentication flaw in the UniFi Protect Application discovery protocol via vendor patching to version 6.2.72 or later.
Prevents exploitation from adjacent networks by monitoring and controlling communications at external and key internal boundaries, enabling segmentation to isolate the vulnerable UniFi Protect Application.
Facilitates proactive discovery of the CVE-2026-21633 vulnerability through ongoing monitoring and scanning of the UniFi Protect Application for known flaws like CWE-287 improper authentication.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper authentication in the discovery protocol directly enables remote exploitation for unauthorized access to cameras and services on the adjacent network.
NVD Description
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
Deeper analysis
CVE-2026-21633 is a discovery protocol vulnerability (CWE-287: Improper Authentication) in the UniFi Protect Application, affecting versions 6.1.79 and earlier. This flaw enables unauthorized access to UniFi Protect Cameras when exploited.
A malicious actor with access to the adjacent network can exploit the vulnerability with low attack complexity, requiring no privileges or user interaction (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.8). Successful exploitation allows the attacker to obtain unauthorized access to the camera, compromising confidentiality, integrity, and availability.
The UniFi security advisory recommends updating the UniFi Protect Application to version 6.2.72 or later as the primary mitigation. Additional details are available at https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9.
Details
- CWE(s)