GHSA-fcgm-88x5-cv87 · Severity: high — A malicious actor with access to the network and low privileges could exploit a series of...
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
Conclusion & alert: CVE-2026-54404 is rated Moderate Risk (40.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.24%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-07-03 | — | 0.24% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | [email protected] |
GHSA-fcgm-88x5-cv87 · Severity: high — A malicious actor with access to the network and low privileges could exploit a series of...
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| ui | unifi_dream_machine_beast_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:* |
| ui | enterprise_fortress_gateway_firmware | <= 5.1.15 | cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_router_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_router_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_wall_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_wall_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_router_7_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_router_7_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_express_7_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_express_7_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloudkey_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloud_key_plus_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloudkey_enterprise_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_network_video_recorder_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_network_video_recorder_pro_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_network_video_recorder_instant_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*:*:*:*:*:*:*:* |
| ui | enterprise_network_video_recorder_firmware | <= 5.1.15 | cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:* |
| ui | enterprise_network_video_recorder_core_firmware | <= 5.1.15 | cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_network_video_recorder_g2_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_network_video_recorder_g2_pro_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloud_gateway_ultra_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloud_gateway_max_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloud_gateway_industrial_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_cloud_gateway_fiber_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:* |
| ui | unas_2_firmware | <= 5.1.16 | cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:* |
| ui | unas_4_firmware | <= 5.1.16 | cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:* |
| ui | unas_pro_firmware | <= 5.1.16 | cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:* |
| ui | unas_pro_4_firmware | <= 5.1.16 | cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:* |
| ui | unas_pro_8_firmware | <= 5.1.16 | cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:* |
| ui | enterprise_firewall_core_firmware | <= 5.1.18 | cpe:2.3:o:ui:enterprise_firewall_core_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_os_server | <= 5.1.15 | cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:* |
| ui | unifi_dream_machine_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_machine_pro_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_machine_special_edition_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_machine_pro_max_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:* |
| ui | unifi_dream_router_5g_max_firmware | <= 5.1.15 | cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*:*:*:*:*:*:*:* |