CVE-2026-21633 is a vulnerability identified in the UniFi Protect Application by Ubiquiti Inc, specifically affecting versions 6.1.79 and earlier. The flaw resides in the discovery protocol used by the application to detect and communicate with UniFi Protect Cameras on the local network. A malicious actor positioned on an adjacent network segment can exploit this protocol vulnerability to bypass authentication mechanisms and gain unauthorized access to camera devices. This access could allow the attacker to view live camera feeds, manipulate camera settings, or disrupt camera operations, thereby compromising confidentiality, integrity, and availability. The vulnerability is classified under CWE-287 (Improper Authentication), indicating that the discovery protocol fails to properly verify the legitimacy of requests. The CVSS v3.1 base score is 8.8, with vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires adjacent network access but no privileges or user interaction, and results in high impact across all security dimensions. The vulnerability was published on January 5, 2026, and no known exploits have been reported in the wild yet. The recommended mitigation is to update the UniFi Protect Application to version 6.2.72 or later, where the discovery protocol has been secured to prevent unauthorized access.

For European organizations, this vulnerability poses a significant risk to security and privacy, especially for those relying on UniFi Protect cameras for surveillance in sensitive environments such as corporate offices, government buildings, critical infrastructure, and public spaces. Unauthorized access to camera feeds could lead to espionage, data leakage, or physical security breaches. The integrity of camera configurations could be compromised, enabling attackers to disable or manipulate surveillance. Availability could also be affected if attackers disrupt camera operations. Given the widespread use of Ubiquiti products in Europe, particularly in small to medium enterprises and some public sector deployments, the impact could be broad. The vulnerability's requirement for adjacent network access means that attackers would need some level of network proximity, which could be achieved through compromised devices, insider threats, or poorly segmented networks. The lack of authentication and user interaction requirements increases the ease of exploitation once network access is obtained.

European organizations should immediately verify their UniFi Protect Application versions and upgrade to version 6.2.72 or later to remediate this vulnerability. Network segmentation should be enforced to isolate surveillance camera networks from general user and guest networks, reducing the risk of adjacent network access by unauthorized actors. Implement strict access controls and monitoring on local networks to detect anomalous discovery protocol traffic. Employ network intrusion detection systems (NIDS) capable of identifying suspicious activity related to UniFi Protect discovery communications. Regularly audit and update all Ubiquiti devices and applications to ensure timely application of security patches. Additionally, consider disabling unnecessary discovery protocols or services if feasible, and enforce strong physical security controls to prevent unauthorized local network access. Training IT staff on the risks associated with network adjacency and lateral movement can further reduce exploitation likelihood.