PatchSiren cyber security CVE debrief
CVE-2026-55119 Ubiquiti Inc CVE debrief
CVE-2026-55119 is an Improper Access Control vulnerability in UniFi Talk Application. A malicious actor with access to the network and low privileges could exploit this vulnerability to escalate privileges within the UniFi Talk Application. The vulnerability has a CVSS score of 8.1 and is classified as HIGH severity. The vulnerability affects UniFi Talk Application and has a significant impact on security teams and administrators responsible for the application.
- Vendor
- Ubiquiti Inc
- Product
- UniFi Talk Application
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-09
Who should care
Security teams and administrators responsible for UniFi Talk Application should be aware of this vulnerability and take necessary actions to mitigate it. They should review and verify patch deployment, restrict access to the application, and monitor for suspicious activity.
Technical summary
The vulnerability is caused by an Improper Access Control issue in UniFi Talk Application. An attacker with low privileges and network access could exploit this vulnerability to escalate privileges within the application. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability has a significant impact on the security of the UniFi Talk Application.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it could allow an attacker to escalate privileges within the UniFi Talk Application.
Recommended defensive actions
- Apply the patch or update to version 5.2.2 or later
- Restrict access to the UniFi Talk Application
- Monitor for suspicious activity
- Implement compensating controls
- Review and verify patch deployment
Evidence notes
The CVE record was published on 2026-07-02T15:17:05.957Z and was last modified on 2026-07-09T13:19:26.580Z. The NVD entry is currently Analyzed. The vulnerability is an Improper Access Control issue in UniFi Talk Application. Evidence of exploitation is not available, but defenders should verify patch deployment and monitor for suspicious activity.
Official resources
-
CVE-2026-55119 CVE record
CVE.org
-
CVE-2026-55119 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.957Z and has not been modified since then. The NVD entry is currently Analyzed.