PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55112 Ubiquiti Inc CVE debrief

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability in UniFi OS with UniFi Protect Application to escalate privileges on the host device. This vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The vulnerability allows for potential privilege escalation under certain conditions. Defenders should prioritize patching UniFi OS devices with UniFi Protect Application, especially those exposed to the network with low-privileged access.

Vendor
Ubiquiti Inc
Product
Dream Machines
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-10
Advisory published
2026-07-02
Advisory updated
2026-07-10

Who should care

Defenders should prioritize patching UniFi OS devices with UniFi Protect Application, especially those exposed to the network with low-privileged access. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact of this vulnerability on their environments.

Technical summary

CVE-2026-55112 is an Improper Access Control vulnerability in UniFi OS with UniFi Protect Application. A remote attacker with low privileges and network access could exploit this vulnerability under certain conditions to escalate privileges on the host device. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. It is recommended to apply patches or updates provided by the vendor and restrict network access to UniFi OS devices.

Defensive priority

High priority due to potential for privilege escalation and the relatively high CVSS score of 7.5.

Recommended defensive actions

  • Apply patches or updates provided by the vendor
  • Restrict network access to UniFi OS devices
  • Monitor for suspicious activity
  • Implement compensating controls such as multi-factor authentication
  • Inventory and verify UniFi OS device configurations

Evidence notes

The CVE record was published on 2026-07-02T15:17:05.103Z and was last modified on 2026-07-10T02:46:09.190Z. The NVD entry is currently Analyzed. The vulnerability affects UniFi OS with UniFi Protect Application. Defenders should verify the affected scope and severity based on the official CVE record and vendor advisory.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.103Z and has not been modified since then. The NVD entry is currently Analyzed.