CVE-2026-55116 PUBLISHED

Assigner: hackerone
Reserved: 16.06.2026 Published: 02.07.2026 Updated: 02.07.2026

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9

Product Status

Vendor Ubiquiti Inc
Product Dream Machines
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)
Vendor Ubiquiti Inc
Product Enterprise Fortress Gateway
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)
Vendor Ubiquiti Inc
Product Dream Wall
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)
Vendor Ubiquiti Inc
Product Dream Routers
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)
Vendor Ubiquiti Inc
Product Express 7
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)
Vendor Ubiquiti Inc
Product Cloud Gateways
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)
Vendor Ubiquiti Inc
Product Enterprise Firewall Core
Versions Default: unaffected
  • affected from 0 to 5.1.19 (excl.)

References

Problem Types

  • CWE-284 Improper Access Control - Generic CWE