Ubiquiti UniFi Network Controller Improper Certificate Validation Vulnerability Allowing Credential Theft via Man-in-the-Middle Attack

Vulnerability

A vulnerability exists in Ubiquiti UniFi Network Controller versions prior to 5.10.22 and 5.11.x prior to 5.11.18, due to improper certificate verification. This flaw allows adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections. Exploiting the inadequate SSL host verification in the SMTP certificate validation process, attackers can intercept SMTP traffic and capture credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of SMTP traffic and theft of credentials.

Added: Mar 27, 2026, 10:33 PM

Updated: Mar 27, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

4.8

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

4.8

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ubiquiti UniFi Network Controller Improper Certificate Validation Vulnerability Allowing Credential Theft via Man-in-the-Middle Attack

Vulnerability

Impact

Affected Products

Ubiquiti UniFi Network Controller

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating