VYPR
Patch · Published Feb 25, 2026 · Updated May 18, 2026 · 1 source

Ubiquiti AI Pro Discovery Protocol Flaw Allows Network-Adjacent Attackers to Downgrade Encryption

A missing encryption protocol downgrade vulnerability in Ubiquiti Networks AI Pro cameras lets network-adjacent attackers weaken the discovery channel without authentication, earning a Pwn2Own prize.

Ubiquiti Networks has released a security update for its AI Pro camera line after researchers discovered a missing encryption protocol downgrade vulnerability in the device's discovery protocol. Tracked as CVE-2026-21633 and reported by David BERARD of Synacktiv as part of the Pwn2Own competition, the flaw allows a network-adjacent attacker to downgrade the communication channel used by the system. No authentication is required to exploit it.

The vulnerability resides in the discovery protocol of the Ubiquiti AI Pro. According to the advisory published by Zero Day Initiative, the specific issue results from the lack of encryption in the communications channel. An attacker can leverage this vulnerability to downgrade the communication protocol used by the system, potentially enabling further attacks on the camera or the network it resides on.

The flaw carries a CVSS score of 5.4 with a vector of AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating low impact to confidentiality and integrity but no impact to availability. Attack complexity is low and no privileges are required. The attack vector is adjacent network, meaning the attacker must be on the same local network segment as the vulnerable device.

Ubiquiti Networks has issued a security update to correct this vulnerability. The company's advisory, available at Ubiquiti's security bulletin, provides details on the patch and affected firmware versions. Users of the AI Pro are urged to apply the update to their devices immediately.

The vulnerability was reported to Ubiquiti on November 26, 2025, and the coordinated public release of the advisory occurred on February 25, 2026. The disclosure timeline shows a three-month window between reporting and public disclosure, which is standard for coordinated vulnerability disclosure.

This discovery comes as part of the Pwn2Own competition, where researchers earn significant bounties for finding and responsibly disclosing vulnerabilities in widely used products. The Ubiquiti AI Pro is a popular AI-powered security camera used in enterprise and smart city deployments, making this vulnerability particularly concerning for organizations relying on these devices for physical security.

Network administrators should ensure that Ubiquiti AI Pro cameras are updated to the latest firmware and consider segmenting IoT devices onto separate VLANs to limit the attack surface from network-adjacent threats. The vulnerability underscores the ongoing challenge of securing embedded devices that often lack robust encryption by default.

Synthesized by Vypr AI