PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55113 Ubiquiti Inc CVE debrief

A Server-Side Request Forgery (SSRF) vulnerability was found in the UniFi Talk Application. This vulnerability could allow a malicious actor with network access to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The affected product is the UniFi Talk Application, and the vulnerability class is SSRF. The likely operational impact is a Denial of Service (DoS) attack, and the source-confidence limits are based on the CVE record and NVD entry.

Vendor
Ubiquiti Inc
Product
UniFi Talk Application
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-09
Advisory published
2026-07-02
Advisory updated
2026-07-09

Who should care

Administrators and users of UniFi Talk Application, especially those with network access, should be aware of this vulnerability and take necessary precautions. The vulnerability affects operators who manage the UniFi Talk Application, as well as security teams responsible for monitoring and incident response. Platform and vulnerability-management teams should also review the vulnerability and implement necessary mitigations.

Technical summary

The CVE-2026-55113 vulnerability is a Server-Side Request Forgery (SSRF) issue in the UniFi Talk Application. It has a CVSS score of 7.5 and is classified as HIGH severity. The vulnerability allows for Denial of Service (DoS) attacks and authentication bypass in certain API endpoints. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H. The affected product is the UniFi Talk Application, and the defensive impact is high.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, as it can lead to significant disruptions and potential security breaches.

Recommended defensive actions

  • Apply the patch or update to version 5.2.2 or later
  • Restrict network access to the UniFi Talk Application
  • Monitor API endpoints for suspicious activity
  • Implement additional security measures, such as authentication and rate limiting
  • Review compensating controls for exposed systems while remediation is scheduled and verified

Evidence notes

The CVE record was published on 2026-07-02T15:17:05.303Z and last modified on 2026-07-09T13:19:57.720Z. The NVD entry is currently Analyzed. The vulnerability is a Server-Side Request Forgery (SSRF) issue in the UniFi Talk Application. Evidence of exploitation is not currently available, but defenders should verify the affected scope and severity. The CVE record provides limited information on the vulnerability, and further review of the official advisory or vendor guidance is recommended.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.303Z and has not been modified since then. The NVD entry is currently Analyzed.