CVE-2026-21635

Improper Access Control Allowing Wi‑Fi AutoLink on Ethernet‑Only Adopted Devices

Description

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

INFO

Published Date :

2026-01-05T16:47:39.081Z

Last Modified :

2026-01-07T15:19:03.376Z

Source :

hackerone

AFFECTED PRODUCTS

The following products are affected by CVE-2026-21635 vulnerability.

Vendors	Products
Ubiquiti	Ev Station Lite
Ui	Unifi Connect Ev Station Lite Unifi Connect Ev Station Lite Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21635.

URL	Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-059/0c0b7f7a-68b7-41b9-987e-554f4b40e0e6

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact