PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55116 Ubiquiti Inc CVE debrief

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices. This critical vulnerability, CVE-2026-55116, has a CVSS score of 9 and is classified as CRITICAL. The vulnerability affects certain devices running UniFi OS, and security teams should verify the affected scope and take immediate action to protect their networks. The CVE record was published on 2026-07-02T15:17:05.633Z and last modified on 2026-07-09T18:14:16.047Z. The NVD entry is currently Undergoing Analysis. Security teams and administrators responsible for UniFi OS devices should be aware of this critical vulnerability and take immediate action to protect their networks, considering compensating controls, such as intrusion detection systems, and reviewing and updating UniFi OS devices to ensure they are running the latest version.

Vendor
Ubiquiti Inc
Product
Dream Machines
CVSS
CRITICAL 9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-09
Advisory published
2026-07-02
Advisory updated
2026-07-09

Who should care

Security teams and administrators responsible for UniFi OS devices should be aware of this critical vulnerability and take immediate action to protect their networks.

Technical summary

The CVE-2026-55116 vulnerability is an Improper Access Control issue found in certain devices running UniFi OS. A malicious actor with network access and under specific network configurations could exploit this vulnerability to make unauthorized changes to UniFi OS devices. The vulnerability has a CVSS score of 9 and is classified as CRITICAL.

Defensive priority

High

Recommended defensive actions

  • Review and update UniFi OS devices to ensure they are running the latest version
  • Implement network segmentation to limit access to vulnerable devices
  • Monitor network activity for suspicious changes to UniFi OS devices
  • Consider compensating controls, such as intrusion detection systems

Evidence notes

The CVE record was published on 2026-07-02T15:17:05.633Z and last modified on 2026-07-09T18:14:16.047Z. The NVD entry is currently Undergoing Analysis. This information is based on the NVD entry and the CVE record. The vulnerability affects certain devices running UniFi OS. Security teams should verify the affected scope and take immediate action to protect their networks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.633Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.