{"api_version":"1","generated_at":"2026-07-02T18:33:27+00:00","cve":"CVE-2026-55116","urls":{"html":"https://cve.report/CVE-2026-55116","api":"https://cve.report/api/cve/CVE-2026-55116.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-55116","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-55116"},"summary":{"title":"CVE-2026-55116","description":"A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.","state":"PUBLISHED","assigner":"hackerone","published_at":"2026-07-02 15:17:05","updated_at":"2026-07-02 16:54:47"},"problem_types":["CWE-284","CWE-284 CWE-284 Improper Access Control - Generic"],"metrics":[{"version":"3.1","source":"support@hackerone.com","type":"Secondary","score":"9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"9","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","data":{"baseScore":9,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc","name":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc","refsource":"support@hackerone.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-55116","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-55116","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Ubiquiti Inc","product":"Dream Machines","version":"affected 5.1.19 semver","platforms":[]},{"source":"CNA","vendor":"Ubiquiti Inc","product":"Enterprise Fortress Gateway","version":"affected 5.1.19 semver","platforms":[]},{"source":"CNA","vendor":"Ubiquiti Inc","product":"Dream Wall","version":"affected 5.1.19 semver","platforms":[]},{"source":"CNA","vendor":"Ubiquiti Inc","product":"Dream Routers","version":"affected 5.1.19 semver","platforms":[]},{"source":"CNA","vendor":"Ubiquiti Inc","product":"Express 7","version":"affected 5.1.19 semver","platforms":[]},{"source":"CNA","vendor":"Ubiquiti Inc","product":"Cloud Gateways","version":"affected 5.1.19 semver","platforms":[]},{"source":"CNA","vendor":"Ubiquiti Inc","product":"Enterprise Firewall Core","version":"affected 5.1.19 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-55116","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-07-02T15:41:23.595428Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-02T15:51:11.890Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Dream Machines","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Enterprise Fortress Gateway","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Dream Wall","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Dream Routers","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Express 7","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Cloud Gateways","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Enterprise Firewall Core","vendor":"Ubiquiti Inc","versions":[{"lessThan":"5.1.19","status":"affected","version":"0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices."}],"metrics":[{"cvssV3_1":{"baseScore":9,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control - Generic","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-02T14:50:48.820Z","orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone"},"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"}]}},"cveMetadata":{"assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","cveId":"CVE-2026-55116","datePublished":"2026-07-02T14:50:48.820Z","dateReserved":"2026-06-16T15:00:01.614Z","dateUpdated":"2026-07-02T15:51:11.890Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-02 15:17:05","lastModifiedDate":"2026-07-02 16:54:47","problem_types":["CWE-284","CWE-284 CWE-284 Improper Access Control - Generic"],"metrics":{"cvssMetricV31":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-02T15:41:23.595428Z","id":"CVE-2026-55116","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"55116","Ordinal":"1","Title":"CVE-2026-55116","CVE":"CVE-2026-55116","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"55116","Ordinal":"1","NoteData":"A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.","Type":"Description","Title":"CVE-2026-55116"}]}}}