PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55110 Ubiquiti Inc CVE debrief

CVE-2026-55110 is a high-severity vulnerability in UniFi OS due to a Cross-Origin Resource Sharing (CORS) misconfiguration. An attacker could exploit this by luring an authenticated user to a malicious page to trigger actions in UniFi OS using that user's session. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. This vulnerability affects UniFi OS Server, particularly those using versions prior to 5.1.15. The CVE record was published on 2026-07-02T15:17:04.870Z and was last modified on 2026-07-09T18:33:16.890Z. The NVD entry is currently Undergoing Analysis. Administrators should be aware of this vulnerability and take necessary precautions to patch or mitigate the vulnerability.

Vendor
Ubiquiti Inc
Product
UniFi OS Server
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-09
Advisory published
2026-07-02
Advisory updated
2026-07-09

Who should care

Administrators and users of UniFi OS Server, particularly those using versions prior to 5.1.15, should be aware of this vulnerability and take necessary precautions.

Technical summary

The vulnerability exists due to a CORS misconfiguration in UniFi OS. This allows an attacker to exploit an authenticated user's session by luring them to a malicious page, potentially leading to unauthorized actions within the UniFi OS. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

High priority should be given to patching UniFi OS versions prior to 5.1.15. Additionally, administrators should ensure that users are aware of the risks associated with clicking on suspicious links.

Recommended defensive actions

  • Apply patches or updates to UniFi OS to version 5.1.15 or later.
  • Implement additional security measures such as monitoring for suspicious activity.
  • Educate users on the risks of clicking on suspicious links.

Evidence notes

The CVE record was published on 2026-07-02T15:17:04.870Z and was last modified on 2026-07-09T18:33:16.890Z. The NVD entry is currently Undergoing Analysis.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:04.870Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.