CVE-2026-55116
Summary
| CVE | CVE-2026-55116 |
|---|---|
| State | PUBLISHED |
| Assigner | hackerone |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-02 15:17:05 UTC |
| Updated | 2026-07-02 16:54:47 UTC |
| Description | A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. |
Risk And Classification
Primary CVSS: v3.1 9 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Problem Types: CWE-284 | CWE-284 Improper Access Control - Generic
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 9 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 9 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Ubiquiti Inc | Dream Machines | affected 5.1.19 semver | Not specified |
| CNA | Ubiquiti Inc | Enterprise Fortress Gateway | affected 5.1.19 semver | Not specified |
| CNA | Ubiquiti Inc | Dream Wall | affected 5.1.19 semver | Not specified |
| CNA | Ubiquiti Inc | Dream Routers | affected 5.1.19 semver | Not specified |
| CNA | Ubiquiti Inc | Express 7 | affected 5.1.19 semver | Not specified |
| CNA | Ubiquiti Inc | Cloud Gateways | affected 5.1.19 semver | Not specified |
| CNA | Ubiquiti Inc | Enterprise Firewall Core | affected 5.1.19 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-422... | [email protected] | community.ui.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.