PatchSiren cyber security CVE debrief
CVE-2026-55112 Ubiquiti Inc CVE debrief
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability in UniFi OS with UniFi Protect Application to escalate privileges on the host device. This vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The vulnerability allows for potential privilege escalation under certain conditions. Defenders should prioritize patching UniFi OS devices with UniFi Protect Application, especially those exposed to the network with low-privileged access.
- Vendor
- Ubiquiti Inc
- Product
- Dream Machines
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-10
Who should care
Defenders should prioritize patching UniFi OS devices with UniFi Protect Application, especially those exposed to the network with low-privileged access. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact of this vulnerability on their environments.
Technical summary
CVE-2026-55112 is an Improper Access Control vulnerability in UniFi OS with UniFi Protect Application. A remote attacker with low privileges and network access could exploit this vulnerability under certain conditions to escalate privileges on the host device. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. It is recommended to apply patches or updates provided by the vendor and restrict network access to UniFi OS devices.
Defensive priority
High priority due to potential for privilege escalation and the relatively high CVSS score of 7.5.
Recommended defensive actions
- Apply patches or updates provided by the vendor
- Restrict network access to UniFi OS devices
- Monitor for suspicious activity
- Implement compensating controls such as multi-factor authentication
- Inventory and verify UniFi OS device configurations
Evidence notes
The CVE record was published on 2026-07-02T15:17:05.103Z and was last modified on 2026-07-10T02:46:09.190Z. The NVD entry is currently Analyzed. The vulnerability affects UniFi OS with UniFi Protect Application. Defenders should verify the affected scope and severity based on the official CVE record and vendor advisory.
Official resources
-
CVE-2026-55112 CVE record
CVE.org
-
CVE-2026-55112 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.103Z and has not been modified since then. The NVD entry is currently Analyzed.