Ubiquiti Release Notes
744 release notes curated from 749 sources by the Releasebot Team. Last updated: Jul 4, 2026
- Jul 3, 2026
- Date parsed from source:Jul 3, 2026
- First seen by Releasebot:Jul 4, 2026
UniFi Design Center
Ubiquiti adds automatic AP placement and automatic channel planning with a new Auto channel mode, plus a wide range of Design Center quality of life upgrades, visual improvements, and bug fixes for smoother WiFi and floor plan management.
Overview
This release introduces automatic AP placement, automatic channel planning with a new Auto channel mode, and numerous quality of life improvements.
Improvements
Automatic AP Placement
Introducing automatic AP placement, a quick way to cover a floor plan or WiFi Zone without positioning every access point by hand.
- Automatic AP placement can be activated from the WiFi section in the Add Device panel.
Automatic Channel Planning
Introducing automatic channel planning, so you can assign channels across a project and resolve conflicts without setting each radio by hand.
- Set a radio to Auto in the channel dropdown to let Design Center choose the channel.
- Review and manage every channel in the project from the new project-level channel plan.
- Channel selection accounts for interference and SNR across the whole project.
Quality of Life Improvements
- Improved filtering and visibility of unresolved comments in the comment panel.
- You can now add and remove images when editing a comment.
- A comment thread now reopens when a new reply is added.
- A warning now appears before discarding unsaved comment text when pressing Escape.
- Added an Off option for radio bands in the channel dropdown, AP settings, and Client Experience.
- Added support for undo and redo for AP settings, including channel changes.
- You can now select multiple WiFi devices and edit their radio settings together.
- Added the ability to create uplink connections from the device settings side panel.
- Added app filter icons to the plan editor to show or hide devices by category.
- Added a cabling visibility control to the plan editor view settings.
- Added blindspot visualization for 180 degree cameras on the floor plan.
- Added rack name labels on the floor plan.
- Added 2.4 GHz channels 12 and 13, gated by the selected country's regulations.
- Topology can now be exported as a high-resolution image.
- Set the default channel width for the 2.4 GHz radio to 20 MHz.
- Updated the SNR WiFi Noise icon in the coverage legend.
- Adjusted the 3D walls color palette, so different wall materials are more recognizable.
- Increased the minimum zoom level in the 2D editor.
- Quick Add Device Menu now shows product information on hover
- Added a wall mount option for AI-MS-2 and AI-MS-4.
- Wireless connections now recalculate when any device with a wireless link is moved.
Bugfixes
- Fixed an issue where the uplink connection dropdown was missing when placing an AP on the floor plan.
- Fixed an issue with port selection for Pro Max 48 PoE and Hi-Capacity Aggregation connections.
- Fixed an issue where the Connection Optimizer failed with wireless G4 and G6 Instant cameras.
- Fixed an issue where dragging a wall marker could remove an adjacent wall.
- Fixed an issue where clicking a device dragged the floor plan instead of opening its settings.
- Fixed an issue where 3D camera coverage did not apply to drawn walls on scanned floor plans.
- Fixed an issue where the AI-MS-4 coverage halo detached from the camera when placed over a wall.
- Fixed an issue where a false weak-signal warning appeared while dragging a Wi-Fi camera within range of an AP.
- Fixed an issue where the AI-MS-4 and AI-MS-2 device count was incorrect in the project list.
- Fixed an issue where the EAH showed an incorrect maximum power budget.
- Fixed an issue where products showed as sold out in the European store when only the UK variant was sold out.
- Fixed an issue where placing Bridges produced errors that added or removed devices unexpectedly.
- Fixed an issue where the Edit Device panel did not collapse when a device was removed by deleting a primary stack or HA pair.
- Jul 3, 2026
- Date parsed from source:Jul 3, 2026
- First seen by Releasebot:Jul 3, 2026
All of your release notes in one feed
Join Releasebot and get updates from Ubiquiti and hundreds of other software products.
- Jul 2, 2026
- Date parsed from source:Jul 2, 2026
- First seen by Releasebot:Jul 3, 2026
UniFi Endpoint iOS 4.0.1
Ubiquiti releases UniFi Endpoint iOS 4.0.1 with smoother admin navigation, new dashboard widgets and cards, plus better VPN connectivity and authentication reliability. The update also improves sign-in flows and fixes issues with widgets, WiFi cards, and organization access screens.
UniFi Endpoint iOS 4.0.1 includes the improvements and bugfixes below.
Improvements
- Added a deep link to Organization Admin Access for faster navigation.
- Added an Admin Access card for organization owners, organization admins, and site admins with Network permissions.
- Added per-site WiFi cards.
- Added Remote Access as a default dashboard widget.
- Added a View All option for nearby doors.
- Added a close button to the multi-account organization sign-in flow.
- Improved VPN connectivity when switching between WiFi and cellular networks.
- Improved VPN authentication and reconnection reliability, including MFA, SSO, split tunneling, and session expiration handling.
- Improved the organization sign-in experience and error handling.
- Updated the welcome screen by removing desktop app login instructions.
Bugfixes
- Fixed an issue where the organization sign-in code screen did not dismiss correctly.
- Fixed an issue where the organization sign-in view closed immediately on iOS 26.
- Fixed an issue where the WiFi card appeared for sites without BLE beacons or a configured location.
- Fixed scrolling issues in the Add Widget screen when many items were available.
- Jul 2, 2026
- Date parsed from source:Jul 2, 2026
- First seen by Releasebot:Jul 3, 2026
3.18.21.0 Official
Ubiquiti ships version 3.18.21.0 Official release.
3.18.21.0 Official
Original source - Jul 2, 2026
- Date parsed from source:Jul 2, 2026
- First seen by Releasebot:Jul 3, 2026
UniFi Access G3 Reader 3.18.21.0
Ubiquiti releases UniFi Access G3 Reader 3.18.21.0 with a bugfix for hand wave and NFC card auth during power outages.
Gradual Rollout Notice
This update is being rolled out in stages and may not be visible to all users immediately.
Overview
UniFi Access G3 Reader 3.18.21.0 includes the following bugfixes.
Bugfixes
Fixed an issue where hand wave and NFC card authentication could fail on EAH-8 battery backup during power outages.
Additional information
If you encounter any issues with this release, please provide us with the latest support file by navigating to Site Manager > UniFi Console > Access > Devices > select the device > Settings > Download Support File.
Original source Similar to Ubiquiti with recent updates:
- Obsidian release notes90 release notes · Latest Jun 9, 2026
- Perplexity release notes26 release notes · Latest Jun 19, 2026
- xAI release notes138 release notes · Latest Jul 1, 2026
- Cursor release notes110 release notes · Latest Jun 30, 2026
- OpenClaw release notes201 release notes · Latest Jul 2, 2026
- n8n release notes58 release notes · Latest Jun 30, 2026
- Jul 2, 2026
- Date parsed from source:Jul 2, 2026
- First seen by Releasebot:Jul 3, 2026
3.18.21.0 Official
Ubiquiti releases the official 3.18.21.0 build.
3.18.21.0 Official
Original source - Jul 2, 2026
- Date parsed from source:Jul 2, 2026
- First seen by Releasebot:Jul 3, 2026
Security Advisory Bulletin 066
Ubiquiti releases security updates across UniFi Connect, Talk, Access, Network, Protect, UniFi OS, and Protect Floodlight to fix critical vulnerabilities, including command injection, SQL injection, SSRF, path traversal, auth bypass, and privilege escalation.
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
Affected Products
UniFi Connect Application (Version 3.4.16 and earlier)
Mitigation
Update your UniFi Connect Application to Version 3.4.20 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 10.0 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-50746 (Duc Anh Nguyen (@heckintosh_))Summary 2 of 25
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.
Affected Products
UniFi Talk Application (Version 5.1.2 and earlier)
Mitigation
Update your UniFi Talk Application to Version 5.2.2 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 9.9 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-50747 (Abdulaziz Almadhi | Catchify Security)Summary 3 of 25
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device.
Affected Products
UniFi Access Application (Version 4.2.28 and earlier)
Mitigation
Update your UniFi Access Application to Version 4.2.29 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 9.9 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-50748 (Abdulaziz Almadhi | Catchify Security)Summary 4 of 25
A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.
Affected Products
UniFi Access Application (Version 4.2.28 and earlier)
Mitigation
Update your UniFi Access Application to Version 4.2.29 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 9.1 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-54400 (Abdulaziz Almadhi | Catchify Security)Summary 5 of 25
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.
Affected Products
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)
EF-Core (Version 5.1.18 and earlier)Mitigation
Update your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.
Update your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.19 or later.
Update your EF-Core to Version 5.1.19 or later.Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.7 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE: CVE-2026-54401 (Kerolos Sameh | oathnet.org)Summary 6 of 25
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
Affected Products
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)
EF-Core (Version 5.1.18 and earlier)Mitigation
Update your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.
Update your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.19 or later.
Update your EF-Core to Version 5.1.19 or later.Impact
CVSS v3.0 Severity and Metrics:
Base Score: 9.9 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-54402 (arqblasta)Summary 7 of 25
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
Affected Products
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)
EF-Core (Version 5.1.18 and earlier)Mitigation
Update your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.
Update your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.19 or later.
Update your EF-Core to Version 5.1.19 or later.Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.6 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE: CVE-2026-54403 (Griffin Francis & Adrian Wood)
Note: This CVE can be chained with other vulnerabilities to eliminate the requirement for low-privileged access.Summary 8 of 25
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
Affected Products
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)
EF-Core (Version 5.1.18 and earlier)Mitigation
Update your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.15 or later.
Update your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.16 or later.
Update your EF-Core to Version 5.1.19 or later.Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.8 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2026-54404 (Garett Kopcha (0x5t))Summary 9 of 25
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.
Affected Products
UniFi Network Application (Version 10.3.58 and earlier)
Mitigation
Update your UniFi Network Application to Version 10.4.57 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE: CVE-2026-54405 (Dries from UniHosted)Summary 10 of 25
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
Affected Products
UniFi Network Application (Version 10.3.58 and earlier)
Mitigation
Update your UniFi Network Application to Version 10.4.57 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.7 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE: CVE-2026-54406 (Garett Kopcha (0x5t))Summary 11 of 25
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
Affected Products
UniFi Protect Application (Version 7.1.77 and earlier)
Mitigation
Update your UniFi Protect Application to Version 7.1.83 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.6 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE: CVE-2026-54407 (Abdulaziz Almadhi / Catchify Security Team)Summary 12 of 25
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.
Affected Products
UniFi Protect Application (Version 7.1.77 and earlier)
Mitigation
Update your UniFi Protect Application to Version 7.1.83 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.6 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVE: CVE-2026-54408 (Brandon Rossi)Summary 13 of 25
A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.
Affected Products
UniFi Protect Application (Version 7.1.77 and earlier)
Mitigation
Update your UniFi Protect Application to Version 7.1.83 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE: CVE-2026-54409 (Michał Suda (klumz33))Summary 14 of 25
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
Affected Products
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 (Version 5.1.16 and earlier)
EF-Core (Version 5.1.18 and earlier)Mitigation
Update your UniFi OS Server, UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCK, UCKP, UCK-Enterprise, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.15 or later.
Update your UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 to Version 5.1.16 or later.
Update your EF-Core to Version 5.1.19 or later.Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE: CVE-2026-55110 (Andy Gill, ZephrSec Ltd)Summary 15 of 25
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.
Affected Products
UniFi Protect Floodlight(Version 1.13.4 and earlier)
Mitigation
Update your UniFi Protect Floodlight to Version 1.13.6 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE: CVE-2026-55111 (Logan Fernandez (enzyme0))Summary 16 of 25
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
Affected Products
UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, UDW, UDR, UDR7, UDR-5G, UCKP, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
Mitigation
Update your UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, UDW, UDR, UDR7, UDR-5G, UCKP, UNVR, UNVR-Pro, UNVR-Instant, ENVR, ENVR-Core, UNVR-G2, UNVR-G2-Pro, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2026-55112 (Brandon Rossi)Summary 17 of 25
A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.
Affected Products
UniFi Talk Application (Version 5.1.2 and earlier)
Mitigation
Update your UniFi Talk Application to Version 5.2.2 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H
CVE: CVE-2026-55113 (Duc Anh Nguyen (@heckintosh_))Summary 18 of 25
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
Affected Products
UniFi Network Application (Version 10.3.58 and earlier)
Mitigation
Update your UniFi Network Application to Version 10.4.57 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.8 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2026-55114 (Corbett3000)Summary 19 of 25
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
Affected Products
UniFi Protect Application (Version 7.1.77 and earlier)
Mitigation
Update your UniFi Protect Application to Version 7.1.83 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 9.9 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-55115 (Brandon Rossi)Summary 20 of 25
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
Affected Products
UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber (Version 5.1.15 and earlier)
EF-Core (Version 5.1.18 and earlier)Mitigation
Update your UDM, UDM-Beast, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, EF-Core, UDW, UDR, UDR7, UDR-5G, Express 7, UCG-Ultra, UCG-Max, UCG-Industrial and UCG-Fiber to Version 5.1.19 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 9.0 Critical
Vector:
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE: CVE-2026-55116 (Joseph Semaan)Summary 21 of 25
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.
Affected Products
UniFi Access Application (Version 4.2.28 and earlier)
Mitigation
Update your UniFi Access Application to Version 4.2.29 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.6 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE: CVE-2026-55117 (Brandon Rossi)Summary 22 of 25
A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
Affected Products
UniFi Network Application (Version 10.3.58 and earlier)
Mitigation
Update your UniFi Network Application to Version 10.4.57 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.3 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CVE: CVE-2026-55118 (bs0xx)Summary 23 of 25
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.
Affected Products
UniFi Talk Application (Version 5.1.2 and earlier)
Mitigation
Update your UniFi Talk Application to Version 5.2.2 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.1 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE: CVE-2026-55119 (Abdulaziz Almadhi | Catchify Security)Summary 24 of 25
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
Affected Products
UniFi Protect Application (Version 7.1.77 and earlier)
Mitigation
Update your UniFi Protect Application to Version 7.1.83 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 8.8 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2026-56841 (Abdulaziz Almadhi | Catchify Security)Summary 25 of 25
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
Affected Products
UniFi Network Application (Version 10.3.58 and earlier)
Mitigation
Update your UniFi Network Application to Version 10.4.57 or later.
Impact
CVSS v3.0 Severity and Metrics:
Base Score: 7.5 High
Vector:
CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE: CVE-2026-56842 (BugBunny.ai)Reference Links
https://community.ui.com/releases/UniFi-Connect-Application-3-24-20/3e2cd403-d021-4d40-8e33-0007e9683d62
Original source
https://community.ui.com/releases/UniFi-Talk-Application-5-2-2/f27dcd51-f51b-4bc9-9a7f-ecbb215ceeb1
https://community.ui.com/releases/UniFi-Access-Application-4-2-29/63eac165-b7d4-4c43-8091-55ade3ec73c1
https://community.ui.com/releases/UniFi-Network-Application-10-4-57/92694b29-fd78-4d52-906a-3211136610e2
https://community.ui.com/releases/UniFi-Protect-Application-7-1-83/70e6c6a6-cd7f-43e6-87fc-4d70f0a1d9c6
https://community.ui.com/releases/UniFi-Protect-Floodlight-1-13-6/ff9550e4-5e40-473d-95f0-047de07e87dd
https://community.ui.com/releases/UniFi-OS-Dream-Machines-5-1-19/32c35941-c2b6-4fa2-9e63-09470bfb85f6
https://community.ui.com/releases/UniFi-OS-Enterprise-Firewall-Core-5-1-19/21263def-e96c-47e6-9a75-96293fcb84e0
https://community.ui.com/releases/UniFi-OS-Enterprise-Fortress-Gateway-5-1-19/45d861a0-fd93-43ee-841e-033423b112a2
https://community.ui.com/releases/UniFi-OS-Enterprise-Network-Video-Recorders-5-1-19/ca291ead-bc98-4e8b-bc85-4ec03de3f77d
https://community.ui.com/releases/UniFi-OS-Network-Video-Recorders-5-1-19/0728e007-aedd-4664-a3a1-38661b36f9bb
https://community.ui.com/releases/UniFi-OS-Cloud-Gateways-5-1-19/233f8d0a-9973-4e01-a51e-30713939b240
https://community.ui.com/releases/UniFi-OS-Cloud-Keys-5-1-19/44aabe56-c674-47f7-85f4-d483bb7c5bfe
https://community.ui.com/releases/UniFi-OS-Dream-Wall-5-1-19/c33cde37-ac2e-4015-bcb6-39567448fc35
https://community.ui.com/releases/UniFi-OS-Network-Attached-Storage-5-1-19/553addc7-4444-4eed-b46f-b2ee1f5f2285
https://community.ui.com/releases/UniFi-OS-Dream-Routers-5-1-19/b9ae8a01-9415-496a-92b2-70aa784de65d
https://community.ui.com/releases/UniFi-OS-Express-7-5-1-19/71fbc82e-da12-43df-82a7-6cd5a316e867
https://community.ui.com/releases/UniFi-OS-Server-5-1-19/05db58f8-3306-48dc-bbd8-6cb681046a6d - Jul 1, 2026
- Date parsed from source:Jul 1, 2026
- First seen by Releasebot:Jul 3, 2026
- Jun 30, 2026
- Date parsed from source:Jun 30, 2026
- First seen by Releasebot:Jun 30, 2026
UniFi iOS 10.36.0
Ubiquiti adds hotspot portal linking, individual UniFi OS app backups and restores, and broader improvements across Network, Internet, Static Routes, Port Forwarding, Traffic Logging, WiFi, Firewall, and eSIM activation, plus stability and bug fixes throughout the app.
Improvements
- Added a Hotspot Portal info link to WiFi settings.
- Added support for backing up and restoring individual UniFi OS applications.
- Improved Network settings.
- Improved Internet settings.
- Improved Static Routes settings.
- Improved Port Forwarding settings.
- Improved Traffic Logging settings.
- Improved WiFi settings validation and save behavior.
- Improved SFP setup reliability.
- Improved UTR password validation.
- Improved password recovery email entry.
- Improved stability when switching accounts.
- Improved Firewall settings and related UI.
- Improved eSIM activation resiliency.
Bugfixes
- Fixed an issue where views may not load in several cases.
- Fixed an issue where LED or LCM state could remain stuck after canceling local discovery setup.
- Fixed an issue where Mesh Parent could not be disabled.
- Fixed an incorrect message during offline UNVR G2 Pro setup.
- Fixed missing outlets in the USP Strip outlets grid.
- Fixed parsing issues in WiFi settings.
- Fixed IGMP proxy WAN behavior.
- Fixed MGMT port configuration compatibility.
- Fixed IoT channel lock behavior for 2.4 GHz channels.
- Fixed several issues in WAN settings, Port Forwarding, SNMP, and Activity Logging.
- Fixed U5G feedback form.
- Fixed Port Insights UI issues.
- Fixed issues in the Shadow Mode setup flow.
- Fixed issues in the email verification flow.
- Fixed an issue where some device data could fail to load correctly.
- Fixed SFP module handling during setup.
Known issues
Navigation may not work correctly in some areas on iOS 27 beta. We are working on a fix.
Additional information
When reporting an issue, please first reproduce it, then generate and download your app support file from Account > App Support File and attach it to your community post.
Original source - Jun 30, 2026
- Date parsed from source:Jun 30, 2026
- First seen by Releasebot:Jun 30, 2026
UniFi Endpoint Android 4.0.0
Ubiquiti ships UniFi Endpoint Android 4.0.0 with faster access, smarter site detection, and a refreshed app experience. The update adds pin-to-home-screen door unlocking, a new Admin Access card, improved Remote Access and VPN flows, plus redesigned Profile and Wallet screens.
UniFi Endpoint Android 4.0.0 includes the improvements and bugfix below.
Improvements
- Added support for pinning remote-access doors to the home screen for one-tap unlocking.
- Added Admin Access card on the main screen.
- Improved site selection by automatically detecting the nearest site using Bluetooth, Wi-Fi, and GPS signals.
- Improved Remote Access by organizing doors by location in a dedicated view.
- Improved Tips by allowing multiple tips to be expanded and collapsed from the header.
- Improved the VPN experience with inline profile display, session timers, and quick reauthentication.
- Improved onboarding with refreshed sign-in and credential flows.
- Redesigned the Profile screen with updated door settings and organization or site icons.
- Redesigned the Wallet screen with a cleaner card layout, consistent icons, and full dark mode support.
- Jun 29, 2026
- Date parsed from source:Jun 29, 2026
- First seen by Releasebot:Jun 30, 2026
3.24.22 Official
Ubiquiti releases 3.24.22 Official for its latest product update.
3.24.22 Official
Original source - Jun 29, 2026
- Date parsed from source:Jun 29, 2026
- First seen by Releasebot:Jun 30, 2026
- Jun 29, 2026
- Date parsed from source:Jun 29, 2026
- First seen by Releasebot:Jun 30, 2026
6.6.112 Release Candidate
Ubiquiti ships 6.6.112 Release Candidate.
6.6.112 Release Candidate
Original source - Jun 29, 2026
- Date parsed from source:Jun 29, 2026
- First seen by Releasebot:Jun 29, 2026
Community Update
Ubiquiti improves mentions, search, and deleted-reply handling with a smoother conversation experience. It prioritizes the parent reply author in mention suggestions, refreshes the search bar with a keyboard shortcut, and adds clearer feedback when opening links to deleted replies.
This release improves the mention experience by making it easier to quickly tag the right person in conversations. It also improves how deleted replies are handled when opening direct links, providing clearer feedback and a more consistent navigation experience.
Improvements
- The author of the parent reply is now prioritized in the mention suggestions, making it faster to mention the person you're replying to.
- The search bar has been updated with a refreshed user interface and now supports a keyboard shortcut for quicker access.
Bugfixes
When opening a direct link to a reply that has been deleted, the page now automatically loads from the top of the discussion and displays a notification explaining that the reply is no longer available.
Original source - Jun 28, 2026
- Date parsed from source:Jun 28, 2026
- First seen by Releasebot:Jun 29, 2026
UniFi Connect Display Cast Pro 1.0.108
Ubiquiti ships UniFi Connect Display Cast Pro 1.0.108 with better 4K playback, lower memory use, and a layout URL fix.
UniFi Connect Display Cast Pro 1.0.108 includes the following improvements and bugfixes.
Improvements
- Enhanced 4K video playback with improved color accuracy and overall visual fidelity.
- Optimized memory usage to improve device performance.
Bugfixes
- Fixed an issue where layout URLs could fail to load due to missing timeout handling.
Curated by the Releasebot team
Releasebot is an aggregator of official release notes from hundreds of software vendors and thousands of sources.
Our editorial process involves the manual review and audit of release notes procured with the help of automated systems.