PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55111 Ubiquiti Inc CVE debrief

A Path Traversal vulnerability was found in UniFi Protect Floodlight devices. This vulnerability allows a malicious actor with access to the network to exploit the vulnerability and access files on the UniFi Protect Floodlight. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. Security teams and administrators should be aware of this vulnerability and take necessary actions to mitigate it.

Vendor
Ubiquiti Inc
Product
UniFi Protect Floodlight
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-09
Advisory published
2026-07-02
Advisory updated
2026-07-09

Who should care

Security teams and administrators responsible for UniFi Protect Floodlight devices should be aware of this vulnerability and take necessary actions to mitigate it. They should review and apply the vendor's security advisory and patch, restrict access to UniFi Protect Floodlight devices, and monitor for suspicious activity.

Technical summary

The CVE-2026-55111 vulnerability is a Path Traversal issue in UniFi Protect Floodlight devices. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The vulnerability allows a malicious actor with network access to exploit the vulnerability and access files on the UniFi Protect Floodlight. Affected product context indicates that security teams and administrators should review and apply vendor guidance.

Defensive priority

High

Recommended defensive actions

  • Review and apply the vendor's security advisory and patch
  • Restrict access to UniFi Protect Floodlight devices
  • Monitor for suspicious activity
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.

Evidence notes

The CVE record was published on 2026-07-02T15:17:04.987Z and was last modified on 2026-07-09T13:20:47.137Z. The NVD entry is currently Analyzed. The vulnerability affects UniFi Protect Floodlight devices. Evidence is based on CVE and NVD information. Defenders should verify affected product deployments and review vendor advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:04.987Z and has not been modified since then. The NVD entry is currently Analyzed.