PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55115 Ui CVE debrief

A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in UniFi Protect Application. This vulnerability allows a malicious actor with access to the network and low privileges to escalate privileges on the host device. The vulnerability has a CVSS score of 9.9 and is considered CRITICAL. The vulnerability was reported by [email protected] and is described in the NVD entry. The CVE record was published on 2026-07-02T15:17:05.513Z and was last modified on 2026-07-07T16:36:26.370Z. The NVD entry is currently Analyzed. Administrators and users of UniFi Protect Application should be aware of this vulnerability and take necessary actions to mitigate it.

Vendor
Ui
Product
UniFi Protect
CVSS
CRITICAL 9.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-02
Original CVE updated
2026-07-07
Advisory published
2026-07-02
Advisory updated
2026-07-07

Who should care

Administrators and users of UniFi Protect Application should be aware of this vulnerability and take necessary actions to mitigate it. This vulnerability can be exploited by a malicious actor with access to the network and low privileges, making it a high-risk vulnerability.

Technical summary

The vulnerability is a Server-Side Request Forgery (SSRF) in UniFi Protect Application. This type of vulnerability allows an attacker to manipulate the server into making unintended requests, which can lead to privilege escalation. The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating that it can be exploited over the network with low privileges, and can lead to high impact on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Apply the patch or update to the latest version of UniFi Protect Application
  • Restrict access to the network and implement additional security controls
  • Monitor the system for suspicious activity
  • Implement compensating controls, such as web application firewalls
  • Conduct regular vulnerability assessments and penetration testing

Evidence notes

The vulnerability was reported by [email protected] and is described in the NVD entry. The CVE record was published on 2026-07-02T15:17:05.513Z and was last modified on 2026-07-07T16:36:26.370Z. The NVD entry is currently Analyzed.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:05.513Z and has not been modified since then. The NVD entry is currently Analyzed.