
UniFi Network Application CVE-2026-55114

EUVD-2026-41401 · HIGH
Improper Access Control (CWE-284)
2026-07-02 · hackerone · GHSA-66wx-hp59-23gx
8.8 (CVSS 3.1) · Vendor: hackerone

Severity by source

Vendor (hackerone) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable API with low complexity and no interaction, but a valid low-privileged account is required (PR:L); successful escalation yields full application-level C/I/A impact within an unchanged scope.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS Vector (Vendor: hackerone)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jul 02, 2026 - 16:17 (EUVD)
Analysis Generated: Jul 02, 2026 - 15:37 (vuln.today)

Description (CVE.org)

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.

Analysis (AI)

Privilege escalation in Ubiquiti's UniFi Network Application allows a low-privileged, network-adjacent user to gain elevated privileges within the controller due to Improper Access Control (CWE-284). Tagged as an authentication/authorization bypass and reported via HackerOne, the flaw carries a CVSS 8.8 with full confidentiality, integrity, and availability impact once triggered. …


Attack Chain (AI derived)

Hypothetical attack flow derived from CVE metadata:

Access
Obtain low-privileged UniFi account
Delivery
Reach controller management API over network
Exploit
Invoke privileged action lacking access check
Execution
Escalate to administrative privileges
Impact
Reconfigure network and devices

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the attacker to already possess a valid low-privileged account on the UniFi Network Application and network access to its management interface (CVSS PR:L, AV:N, AC:L, UI:N); it is NOT remote-unauthenticated. …

Risk Assessment: The signals are moderately consistent and point to a genuine priority for anyone running a multi-tenant or multi-admin UniFi controller. …

Exploit Scenario: An attacker who already holds a limited or read-only UniFi account (obtained via delegated access, a shared MSP tenant, or reused/leaked credentials) sends crafted requests to the controller's network-facing API that perform a privileged action their role should not permit. Because the authorization check is missing (CWE-284) and no user interaction is needed, they elevate to full administrative control over the UniFi Network Application, gaining the ability to reconfigure networks and devices. …

Remediation: Apply the fixed release identified in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc). The input does not contain an exact fix version number, so treat this as 'Patch available per vendor advisory' and confirm the specific patched build against that bulletin before deployment. …

Recommended Action (AI)

24 hours: Inventory all Ubiquiti UniFi Network Application deployments and confirm their current versions. …


CVE-2026-55114 vulnerability details – vuln.today