CVE-2026-55112

Summary

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncDream Machines0 < 5.1.19affected
Ubiquiti IncDream Wall0 < 5.1.19affected
Ubiquiti IncDream Routers0 < 5.1.19affected
Ubiquiti IncCloud Keys0 < 5.1.19affected
Ubiquiti IncNetwork Video Recorders0 < 5.1.19affected
Ubiquiti IncEnterprise Video Recorders0 < 5.1.19affected
Ubiquiti IncCloud Gateways0 < 5.1.19affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References