PatchSiren cyber security CVE debrief
CVE-2026-55110 Ubiquiti Inc CVE debrief
CVE-2026-55110 is a high-severity vulnerability in UniFi OS due to a Cross-Origin Resource Sharing (CORS) misconfiguration. An attacker could exploit this by luring an authenticated user to a malicious page to trigger actions in UniFi OS using that user's session. The vulnerability has a CVSS score of 7.5 and is classified as HIGH. This vulnerability affects UniFi OS Server, particularly those using versions prior to 5.1.15. The CVE record was published on 2026-07-02T15:17:04.870Z and was last modified on 2026-07-09T18:33:16.890Z. The NVD entry is currently Undergoing Analysis. Administrators should be aware of this vulnerability and take necessary precautions to patch or mitigate the vulnerability.
- Vendor
- Ubiquiti Inc
- Product
- UniFi OS Server
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-09
Who should care
Administrators and users of UniFi OS Server, particularly those using versions prior to 5.1.15, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability exists due to a CORS misconfiguration in UniFi OS. This allows an attacker to exploit an authenticated user's session by luring them to a malicious page, potentially leading to unauthorized actions within the UniFi OS. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Defensive priority
High priority should be given to patching UniFi OS versions prior to 5.1.15. Additionally, administrators should ensure that users are aware of the risks associated with clicking on suspicious links.
Recommended defensive actions
- Apply patches or updates to UniFi OS to version 5.1.15 or later.
- Implement additional security measures such as monitoring for suspicious activity.
- Educate users on the risks of clicking on suspicious links.
Evidence notes
The CVE record was published on 2026-07-02T15:17:04.870Z and was last modified on 2026-07-09T18:33:16.890Z. The NVD entry is currently Undergoing Analysis.
Official resources
-
CVE-2026-55110 CVE record
CVE.org
-
CVE-2026-55110 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:04.870Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.