Skip to main content

Dream Machines CVE-2026-55112

| EUVDEUVD-2026-41396 HIGH
Improper Access Control (CWE-284)
2026-07-02 hackerone GHSA-8jvx-73vq-fvch
8.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (hackerone) PRIMARY
HIGH
qualitative
NVD
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Reachable over the network with a low-privileged account (AV:N/PR:L); the vendor's 'certain conditions' caveat justifies AC:H, and host takeover gives total C:H/I:H/A:H.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jul 10, 2026 - 02:59 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 10, 2026 - 02:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 10, 2026 - 02:52 vuln.today
cvss_changed
CVSS changed
Jul 10, 2026 - 02:52 NVD
7.5 (HIGH) 8.8 (HIGH)
Patch available
Jul 02, 2026 - 16:17 EUVD
Analysis Generated
Jul 02, 2026 - 15:37 vuln.today

DescriptionNVD

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.

AnalysisAI

Privilege escalation in UniFi OS running the UniFi Protect Application (versions below 5.1.19) allows a network-adjacent, low-privileged attacker to gain control of the underlying host device via improper access control. Affected hardware spans Ubiquiti's Dream Machines, Dream Wall, Dream Routers, Cloud Keys, Cloud Gateways, and Network/Enterprise Video Recorders. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Inventory all Ubiquiti UniFi systems in production and document current UniFi Protect Application versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy