PatchSiren cyber security CVE debrief
CVE-2026-55116 Ubiquiti Inc CVE debrief
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. This critical vulnerability, CVE-2026-55116, has a CVSS score of 9 and is classified as CRITICAL. The vulnerability affects certain devices running UniFi OS, and security teams should verify the affected scope and take immediate action to protect their networks. The CVE record was published on 2026-07-02T15:17:05.633Z and last modified on 2026-07-09T18:14:16.047Z. The NVD entry is currently Undergoing Analysis. Security teams and administrators responsible for UniFi OS devices should be aware of this critical vulnerability and take immediate action to protect their networks, considering compensating controls, such as intrusion detection systems, and reviewing and updating UniFi OS devices to ensure they are running the latest version.
- Vendor
- Ubiquiti Inc
- Product
- Dream Machines
- CVSS
- CRITICAL 9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-09
Who should care
Security teams and administrators responsible for UniFi OS devices should be aware of this critical vulnerability and take immediate action to protect their networks.
Technical summary
The CVE-2026-55116 vulnerability is an Improper Access Control issue found in certain devices running UniFi OS. A malicious actor with network access and under specific network configurations could exploit this vulnerability to make unauthorized changes to UniFi OS devices. The vulnerability has a CVSS score of 9 and is classified as CRITICAL.
Defensive priority
High
Recommended defensive actions
- Review and update UniFi OS devices to ensure they are running the latest version
- Implement network segmentation to limit access to vulnerable devices
- Monitor network activity for suspicious changes to UniFi OS devices
- Consider compensating controls, such as intrusion detection systems
Evidence notes
The CVE record was published on 2026-07-02T15:17:05.633Z and last modified on 2026-07-09T18:14:16.047Z. The NVD entry is currently Undergoing Analysis. This information is based on the NVD entry and the CVE record. The vulnerability affects certain devices running UniFi OS. Security teams should verify the affected scope and take immediate action to protect their networks.
Official resources
-
CVE-2026-55116 CVE record
CVE.org
-
CVE-2026-55116 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.633Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.