CVE-2026-21633: Vulnerability in Ubiquiti Inc UniFi Protect Application
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier).
Affected Products: UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
AI Analysis
Technical Summary
CVE-2026-21633 is a vulnerability identified in the UniFi Protect Application by Ubiquiti Inc, specifically affecting versions 6.1.79 and earlier. The flaw resides in the discovery protocol used by the application to identify and communicate with UniFi Protect Cameras on the local network. An attacker positioned on an adjacent network segment can exploit this vulnerability to bypass authentication controls and gain unauthorized access to the cameras. This access potentially allows the attacker to view live video feeds, manipulate camera settings, or disrupt camera operations, impacting confidentiality, integrity, and availability of surveillance data. The vulnerability does not require any user interaction or prior authentication, significantly lowering the barrier for exploitation. The CVSS v3.1 base score of 8.8 reflects the high severity, with attack vector classified as adjacent network, low attack complexity, no privileges required, and no user interaction needed. The vulnerability is mitigated by updating the UniFi Protect Application to version 6.2.72 or later, where the discovery protocol has been secured against unauthorized access. No public exploits have been reported yet, but given the nature of the flaw and the critical role of surveillance systems, the risk remains substantial.
Potential Impact
For European organizations, this vulnerability poses a significant risk to physical security and privacy. Unauthorized access to surveillance cameras can lead to espionage, unauthorized monitoring of sensitive areas, and potential manipulation or disabling of security systems. This can compromise the safety of personnel, intellectual property, and critical infrastructure. Organizations in sectors such as government, transportation, energy, and finance that rely on UniFi Protect for video surveillance are particularly vulnerable. The breach of confidentiality and integrity of video feeds can also lead to regulatory compliance issues under GDPR, especially if personal data is exposed. The availability impact could disrupt security operations, leading to gaps in surveillance coverage. The ease of exploitation without authentication increases the threat level, especially in environments where network segmentation is weak or adjacent network access can be gained through compromised devices or insider threats.
Mitigation Recommendations
European organizations should immediately verify their UniFi Protect Application versions and upgrade to version 6.2.72 or later to remediate the vulnerability. Beyond patching, network segmentation should be enforced to isolate surveillance devices from general user networks, limiting adjacent network access. Implement strict access controls and monitoring on network segments hosting UniFi Protect devices to detect anomalous discovery protocol traffic. Employ network intrusion detection systems (NIDS) tuned to identify suspicious activity related to UniFi Protect discovery protocols. Regularly audit and update firmware on all UniFi Protect cameras and related infrastructure. Educate IT and security teams about the risks of adjacent network attacks and ensure physical security of network access points to prevent unauthorized connections. Finally, review and enhance incident response plans to quickly address any potential compromise of surveillance systems.
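The version check recommended above can be run over an asset inventory. The following is an added example, not Ubiquiti's or this page's own tooling; the host names and the inventory format are constructed, and only the two version bounds come from the advisory. Versions that fall between the stated bounds, or that cannot be parsed, are reported separately instead of being assumed safe.

```python
import re

# Bounds taken from the advisory text.
LAST_AFFECTED = (6, 1, 79)   # "Version 6.1.79 and earlier" is affected
FIRST_FIXED = (6, 2, 72)     # "Version 6.2.72 or later" is the fix

def parse_version(text):
    """Return (major, minor, patch), or None unless the string is a plain x.y.z version."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text):
    """Map a reported application version onto the advisory's stated ranges."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"   # suffixes, blanks, "unknown": needs a manual check
    if v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    return "unlisted"          # between the bounds; the advisory does not cover it

def audit(inventory):
    """inventory: iterable of (host, version_text). Returns non-fixed hosts, worst first."""
    order = {"affected": 0, "unparseable": 1, "unlisted": 2}
    findings = [(host, ver, classify(ver)) for host, ver in inventory]
    todo = [f for f in findings if f[2] != "fixed"]
    return sorted(todo, key=lambda f: (order[f[2]], f[0]))

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("nvr-lobby", "6.1.79"),
    ("nvr-warehouse", "6.2.72"),
    ("nvr-lab", "6.2.10"),
    ("nvr-branch", "5.3.48"),
    ("nvr-dock", "unknown"),
    ("nvr-hq", "v6.3.1"),
]

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE):
        print(f"{host:15} {version:10} {status}")
```
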
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: hackerone
- Date Reserved: 2026-01-01T15:00:02.338Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 695bec94b7d62031395509db
Added to database: 1/5/2026, 4:53:40 PM
Last enriched: 1/5/2026, 5:08:28 PM
Last updated: 1/7/2026, 9:59:38 AM