CVE-2026-55116

Summary

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncDream Machines0 < 5.1.19affected
Ubiquiti IncEnterprise Fortress Gateway0 < 5.1.19affected
Ubiquiti IncDream Wall0 < 5.1.19affected
Ubiquiti IncDream Routers0 < 5.1.19affected
Ubiquiti IncExpress 70 < 5.1.19affected
Ubiquiti IncCloud Gateways0 < 5.1.19affected
Ubiquiti IncEnterprise Firewall Core0 < 5.1.19affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References