• Advisory Details (Pwn2Own) Ubiquiti Networks AI Pro Cleartext Transmission Information Disclosure Vulnerability ZDI-26-127ZDI-CAN-28474 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Ubiquiti Networks AI Pro • Authentication is not required to exploit this vulnerability • The specific flaw exists within device authentication • The issue results from continuing to support a legacy authentication method • An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise • 2025-11-26 - Vulnerability reported to vendor 2026-02-25 - Coordinated public release of advisory 2026-02-25 - Advisory Updated General Inquiries Find us on X Find us on Mastodon Media Inquiries Sensitive Email Communications Our Mission TrendAI TippingPoint IPS Process Researcher Rewards FAQS Privacy Published Advisories Upcoming Advisories RSS Feeds

Article Summaries:

  • CVE ID | CVE-2026-21633 | CVSS SCORE | 5.3, AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | AFFECTED VENDORS | Ubiquiti Networks | AFFECTED PRODUCTS | AI Pro | VULNERABILITY DETAILS | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Ubiquiti Networks AI Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within device authentication. The issue results from continuing to support a legacy authentication method. An attacker can leverage this vulnerability to disclose stored credentials, leading to fur

Sources: