Cyber Resilience

CVE-2026-21633

Severity: High
Published: 05 January 2026
Modified: 30 January 2026
KEV Added: not listed
Patch: vendor fix available (UniFi Protect Application version 6.2.72 or later)
CVSS v3.1 Score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0040 (31.8th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-21633 is a high-severity Improper Authentication (CWE-287) vulnerability in Ui UniFi Protect. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). EPSS ranks the vulnerability at the 31.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-21633 is a discovery protocol vulnerability (CWE-287: Improper Authentication) in the UniFi Protect Application, affecting versions 6.1.79 and earlier. This flaw enables unauthorized access to UniFi Protect Cameras when exploited.

A malicious actor with access to the adjacent network can exploit the vulnerability with low attack complexity, requiring no privileges or user interaction (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.8). Successful exploitation allows the attacker to obtain unauthorized access to the camera, compromising confidentiality, integrity, and availability.

The UniFi security advisory recommends updating the UniFi Protect Application to version 6.2.72 or later as the primary mitigation. Additional details are available at https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9.

Vulnerability details

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.

CWE(s): CWE-287 Improper Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Improper authentication in the discovery protocol directly enables remote exploitation, giving an actor on the adjacent network unauthorized access to cameras and services.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21638 (same vendor: Ui)
CVE-2026-24241 (shared CWE-287)
CVE-2024-6107 (shared CWE-287)
CVE-2025-67791 (shared CWE-287)
CVE-2025-59467 (same vendor: Ui)
CVE-2025-52665 (same vendor: Ui)
CVE-2026-34911 (same vendor: Ui)
CVE-2026-34910 (same vendor: Ui)
CVE-2026-33000 (same vendor: Ui)

Affected Assets

Vendor: ui
Product: unifi protect
Versions: ≤ 6.2.72

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation (prevent)

Directly mandates timely identification, reporting, and correction of the improper authentication flaw in the UniFi Protect Application discovery protocol via vendor patching to version 6.2.72 or later.

SC-7 Boundary Protection (prevent)

Prevents exploitation from adjacent networks by monitoring and controlling communications at external and key internal boundaries, enabling segmentation to isolate the vulnerable UniFi Protect Application.

RA-5 Vulnerability Monitoring and Scanning (detect)

Facilitates proactive discovery of the CVE-2026-21633 vulnerability through ongoing monitoring and scanning of the UniFi Protect Application for known flaws such as CWE-287 improper authentication.
