PatchSiren cyber security CVE debrief
CVE-2026-55113 Ubiquiti Inc CVE debrief
A Server-Side Request Forgery (SSRF) vulnerability was found in the UniFi Talk Application. This vulnerability could allow a malicious actor with network access to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The affected product is the UniFi Talk Application, and the vulnerability class is SSRF. The likely operational impact is a Denial of Service (DoS) attack, and the source-confidence limits are based on the CVE record and NVD entry.
- Vendor
- Ubiquiti Inc
- Product
- UniFi Talk Application
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-09
Who should care
Administrators and users of UniFi Talk Application, especially those with network access, should be aware of this vulnerability and take necessary precautions. The vulnerability affects operators who manage the UniFi Talk Application, as well as security teams responsible for monitoring and incident response. Platform and vulnerability-management teams should also review the vulnerability and implement necessary mitigations.
Technical summary
The CVE-2026-55113 vulnerability is a Server-Side Request Forgery (SSRF) issue in the UniFi Talk Application. It has a CVSS score of 7.5 and is classified as HIGH severity. The vulnerability allows for Denial of Service (DoS) attacks and authentication bypass in certain API endpoints. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H. The affected product is the UniFi Talk Application, and the defensive impact is high.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it can lead to significant disruptions and potential security breaches.
Recommended defensive actions
- Apply the patch or update to version 5.2.2 or later
- Restrict network access to the UniFi Talk Application
- Monitor API endpoints for suspicious activity
- Implement additional security measures, such as authentication and rate limiting
- Review compensating controls for exposed systems while remediation is scheduled and verified
Evidence notes
The CVE record was published on 2026-07-02T15:17:05.303Z and last modified on 2026-07-09T13:19:57.720Z. The NVD entry is currently Analyzed. The vulnerability is a Server-Side Request Forgery (SSRF) issue in the UniFi Talk Application. Evidence of exploitation is not currently available, but defenders should verify the affected scope and severity. The CVE record provides limited information on the vulnerability, and further review of the official advisory or vendor guidance is recommended.
Official resources
-
CVE-2026-55113 CVE record
CVE.org
-
CVE-2026-55113 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.303Z and has not been modified since then. The NVD entry is currently Analyzed.