PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55119 Ubiquiti Inc CVE debrief

CVE-2026-55119 is an Improper Access Control vulnerability in UniFi Talk Application. A malicious actor with access to the network and low privileges could exploit this vulnerability to escalate privileges within the UniFi Talk Application. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The vulnerability affects UniFi Talk Application and has a significant impact on security teams and administrators responsible for the application.

Vendor
Ubiquiti Inc
Product
UniFi Talk Application
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-09
Advisory published
2026-07-02
Advisory updated
2026-07-09

Who should care

Security teams and administrators responsible for UniFi Talk Application should be aware of this vulnerability and take necessary actions to mitigate it. They should review and verify patch deployment, restrict access to the application, and monitor for suspicious activity.

Technical summary

The vulnerability is caused by an Improper Access Control issue in UniFi Talk Application. An attacker with low privileges and network access could exploit this vulnerability to escalate privileges within the application. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability has a significant impact on the security of the UniFi Talk Application.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, as it could allow an attacker to escalate privileges within the UniFi Talk Application.

Recommended defensive actions

  • Apply the patch or update to version 5.2.2 or later
  • Restrict access to the UniFi Talk Application
  • Monitor for suspicious activity
  • Implement compensating controls
  • Review and verify patch deployment

Evidence notes

The CVE record was published on 2026-07-02T15:17:05.957Z and was last modified on 2026-07-09T13:19:26.580Z. The NVD entry is currently Analyzed. The vulnerability is an Improper Access Control issue in UniFi Talk Application. Evidence of exploitation is not available, but defenders should verify patch deployment and monitor for suspicious activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.957Z and has not been modified since then. The NVD entry is currently Analyzed.