Pwn2Own Berlin 2026: Ubiquiti AI Pro WebSocket Parsing Flaw Leads to DoS (CVE-2026-21634)
Ubiquiti Networks has patched a denial-of-service vulnerability in its AI Pro camera devices, discovered during Pwn2Own Berlin 2026, that allows network-adjacent attackers to crash the system without authentication.

Ubiquiti Networks has released a security update to address CVE-2026-21634, a denial-of-service vulnerability in its AI Pro camera line that was discovered during the Pwn2Own Berlin 2026 competition. The flaw, reported by researcher David Berard of Synacktiv, resides in the device's WebSocket header parsing logic and can be exploited by an unauthenticated attacker on the same network segment to crash the system.
The vulnerability stems from improper validation of user-supplied data during WebSocket header parsing, which triggers an uncaught exception. The issue is classified as CWE-248 (Uncaught Exception) and carries a CVSS score of 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Because the attack requires no authentication and only network adjacency, it poses a significant risk to organizations that have deployed AI Pro cameras in accessible network zones.
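The parsing failure described above, as an added illustration (hypothetical code written for this article, not Ubiquiti's firmware, whose parser is not public): a WebSocket handshake handler that lets a malformed or missing header raise an uncaught exception, beside a hardened version that validates each field and answers with an HTTP status instead. The request bytes are constructed samples built around the RFC 6455 example key.

```python
# Added illustration of CWE-248 in WebSocket header parsing. Hypothetical code,
# not Ubiquiti's firmware; the real AI Pro parser is not public.
import base64, binascii, hashlib
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # RFC 6455 handshake GUID
GOOD_REQUEST = (  # constructed sample handshake using the RFC 6455 example key
    b"GET /ws HTTP/1.1\r\nHost: cam\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n")
BAD_REQUEST = GOOD_REQUEST.replace(b"dGhlIHNhbXBsZSBub25jZQ==", b"not*base64")

def parse_headers(raw: bytes) -> dict:
    """Split request headers into a lower-cased name -> value dict; never raises."""
    headers = {}
    for line in raw.decode("ascii", errors="replace").split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def accept_value(key: str) -> str:  # Sec-WebSocket-Accept = base64(SHA-1(key + GUID))
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def fragile_handshake(raw: bytes) -> str:
    """Assumes well-formed input: KeyError / binascii.Error escape uncaught (CWE-248)."""
    key = parse_headers(raw)["sec-websocket-key"]
    base64.b64decode(key, validate=True)
    return accept_value(key)

def hardened_handshake(raw: bytes) -> tuple:
    """Validates each field and turns bad input into an HTTP status, not a crash."""
    headers = parse_headers(raw)
    if headers.get("upgrade", "").lower() != "websocket":
        return 400, "missing Upgrade: websocket"
    if headers.get("sec-websocket-version") != "13":
        return 426, "unsupported Sec-WebSocket-Version"
    key = headers.get("sec-websocket-key", "")
    try:
        decoded = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError):
        return 400, "malformed Sec-WebSocket-Key"
    if len(decoded) != 16:  # RFC 6455: the key is a base64-encoded 16-byte nonce
        return 400, "Sec-WebSocket-Key missing or wrong length"
    return 101, accept_value(key)

def escapes_exception(raw: bytes) -> bool:  # True when the fragile handler would crash
    try:
        fragile_handshake(raw)
        return False
    except Exception:
        return True
```

The hardened handler still rejects the same bad requests; the difference is that rejection is a response on one connection rather than an exception that takes down the service.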
Ubiquiti's AI Pro is a high-end surveillance camera that leverages on-device machine learning for object detection and analytics. The devices are commonly used in enterprise, retail, and smart-city deployments. While the vulnerability does not allow data theft or code execution, a successful denial-of-service attack could blind security operations by disabling camera feeds, potentially leaving physical premises unmonitored.
Ubiquiti has issued a security advisory (Bulletin 058) and recommends that all AI Pro users apply the latest firmware update immediately. The advisory is available on the Ubiquiti Community forums. The company did not disclose whether any in-the-wild exploitation has been observed, but the public disclosure of the vulnerability and its discovery during a high-profile contest increases the likelihood of weaponization.
The Pwn2Own Berlin 2026 competition, where this bug was demonstrated, awarded a total of $1.3 million for 47 zero-days across enterprise and AI products. The Ubiquiti AI Pro DoS was one of several camera-related vulnerabilities showcased, highlighting the growing attack surface of physical security devices that are increasingly connected to corporate networks.
Organizations using Ubiquiti AI Pro cameras should prioritize patching, segment IoT and surveillance devices onto dedicated VLANs, and monitor for unusual crashes or reboots that could indicate exploitation attempts. This incident underscores the importance of treating physical security appliances as critical network assets that require the same patch management rigor as servers and endpoints.