Skip to main content

UniFi Talk Application CVE-2026-55119

| EUVDEUVD-2026-41403 HIGH
Improper Access Control (CWE-284)
2026-07-02 hackerone GHSA-7228-x566-c73m
8.1
CVSS 3.1 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
8.1 HIGH

Network-reachable app with low-privilege account required (PR:L, AV:N, AC:L, UI:N); privilege escalation yields high confidentiality and integrity impact but no availability effect, scope unchanged.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Patch available
Jul 02, 2026 - 16:17 EUVD
Analysis Generated
Jul 02, 2026 - 15:39 vuln.today

DescriptionCVE.org

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.

AnalysisAI

Privilege escalation in Ubiquiti's UniFi Talk Application allows a low-privileged, network-adjacent user to gain elevated privileges within the application through an improper access control (CWE-284) weakness, tracked as CVE-2026-55119 and rated CVSS 8.1. Ubiquiti tagged the issue as an Authentication Bypass, and a successful attack yields high confidentiality and integrity impact (C:H/I:H) over an existing authenticated session without any user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege UniFi Talk account
Delivery
Reach Talk app over network
Exploit
Send request to under-protected endpoint
Execution
Bypass authorization/role check
Persist
Gain elevated privileges in Talk
Impact
Access or modify restricted telephony data

Vulnerability AssessmentAI

Exploitation The attacker must have network access to the UniFi Talk Application and must already possess a valid low-privilege account within that application (CVSS PR:L; Ubiquiti describes it as an Authentication Bypass / improper access control within the Talk app). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N = 8.1 High) describes a network-reachable, low-complexity attack requiring only low existing privileges and no user interaction, with high confidentiality and integrity impact but no availability impact - a realistic priority for any environment that has multiple user tiers in UniFi Talk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already holds a low-privilege UniFi Talk account (for example a limited user or a compromised low-tier credential) sends crafted requests over the network to application endpoints whose authorization checks are improperly enforced, elevating their role within the Talk app. With the resulting high-privilege access they can read or alter call configuration, telephony settings, or other users' data. …
Remediation Patch available per vendor advisory: update the UniFi Talk Application to the fixed release described in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); the exact fixed version is not enumerated in the provided data, so consult that advisory and apply the update through the UniFi application/console update mechanism. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all UniFi Talk deployments; restrict application access to essential roles only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-55119 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy