
CVE-2026-21634: Vulnerability in Ubiquiti Inc UniFi Protect Application

Severity: Medium
Published: Mon Jan 05 2026 (01/05/2026, 16:47:38 UTC)
Source: CVE Database V5
Vendor/Project: Ubiquiti Inc
Product: UniFi Protect Application

Description

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.

AI-Powered Analysis

Last updated: 01/05/2026, 17:09:54 UTC

Technical Analysis

CVE-2026-21634 is a vulnerability in the UniFi Protect Application by Ubiquiti Inc, affecting versions 6.1.79 and earlier. The flaw arises from an overflow condition in the application's discovery protocol, which is used for device and service detection within local networks. A malicious actor with access to the adjacent network segment can send crafted packets that overflow this protocol's buffer, causing the application to restart unexpectedly. This results in a denial-of-service (DoS) condition, impacting the availability of the UniFi Protect service. The vulnerability does not compromise confidentiality or integrity since it does not allow data leakage or unauthorized modification. The attack vector requires network adjacency, meaning the attacker must be on the same or a directly connected network segment, but no privileges or user interaction are necessary. The CVSS v3.1 base score is 6.5, reflecting a medium severity primarily due to the impact on availability and ease of exploitation. The vendor has addressed this issue in UniFi Protect Application version 6.2.72 and later and recommends that users update promptly. No public exploits have been reported, but the potential for service disruption in environments relying on UniFi Protect is significant, especially in surveillance and security monitoring contexts.

Potential Impact

For European organizations, the primary impact of CVE-2026-21634 is the potential disruption of video surveillance and security monitoring services provided by the UniFi Protect Application. This can lead to temporary loss of video feeds, delayed incident detection, and reduced situational awareness, which may affect physical security operations. Critical infrastructure, government facilities, and enterprises relying on UniFi Protect for security monitoring could experience operational interruptions. Although the vulnerability does not expose sensitive data or allow unauthorized control, the denial-of-service effect can degrade trust in security systems and increase response times to physical security incidents. Organizations in sectors such as transportation, energy, healthcare, and public safety that deploy UniFi Protect devices are particularly at risk. The requirement for network adjacency limits remote exploitation but does not eliminate risk in environments where network segmentation is weak or where attackers can gain local network access through compromised devices or insider threats.

Mitigation Recommendations

European organizations should immediately upgrade the UniFi Protect Application to version 6.2.72 or later to remediate this vulnerability. Beyond patching, network segmentation should be enforced to restrict access to the UniFi Protect discovery protocol to trusted devices only, minimizing the attack surface. Implement strict access controls and monitoring on local networks to detect anomalous traffic patterns indicative of discovery protocol abuse. Employ network intrusion detection systems (NIDS) capable of identifying malformed packets targeting the discovery protocol. Regularly audit and update firmware and software of all UniFi devices to ensure they are not running vulnerable versions. Additionally, consider isolating surveillance systems on dedicated VLANs with limited access to reduce the risk of lateral movement by attackers. Incident response plans should include procedures for rapid restoration of UniFi Protect services in case of disruption.
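To act on the upgrade and audit recommendations, the following added example (not part of the original advisory or any Ubiquiti tooling) classifies an inventory of UniFi Protect Application versions against the two boundaries the advisory gives. The host names and the inventory are constructed, and the "unconfirmed" label for versions between 6.1.79 and 6.2.72 is an assumption, since the advisory does not state their status.

```python
import re

# Version boundaries taken from the advisory text.
LAST_AFFECTED = (6, 1, 79)   # "Version 6.1.79 and earlier"
FIRST_FIXED = (6, 2, 72)     # "Version 6.2.72 or later"

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not a version."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Map a version string to vulnerable / fixed / unconfirmed / unknown."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"          # missing or unparseable: needs manual check
    if version <= LAST_AFFECTED:
        return "vulnerable"
    if version >= FIRST_FIXED:
        return "fixed"
    # Between the two boundaries the advisory is silent (assumption: treat
    # as not confirmed fixed and schedule the upgrade anyway).
    return "unconfirmed"


def audit(inventory):
    """Group (host, version) pairs by status; hosts sorted within each group."""
    report = {"vulnerable": [], "unconfirmed": [], "unknown": [], "fixed": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("nvr-lobby", "6.1.79"),
    ("nvr-warehouse", "5.3.48"),
    ("nvr-hq", "6.2.72"),
    ("nvr-lab", "6.2.10"),
    ("nvr-gate", "v6.10.3"),   # numeric compare: 10 > 2, so this is fixed
    ("nvr-old", ""),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples, so a release such as 6.10.3 is not misread as older than 6.2.72 the way a plain string comparison would.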


Technical Details

Data Version: 5.2
Assigner Short Name: hackerone
Date Reserved: 2026-01-01T15:00:02.338Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 695bec94b7d62031395509de

Added to database: 1/5/2026, 4:53:40 PM

Last enriched: 1/5/2026, 5:09:54 PM

Last updated: 1/7/2026, 9:43:34 AM
