UniFi Network Application CVE-2026-56842

EUVD-2026-41402 · HIGH
Incorrect Authorization (CWE-863)
2026-07-02 · hackerone · GHSA-fhjm-rpqj-xm7m
CVSS 3.1 base score 7.5 · Vendor: hackerone

Severity by source

Vendor (hackerone), PRIMARY: 7.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

vuln.today AI: 7.5 HIGH

Requires prior low-privilege authenticated access (PR:L) and a specific stale-authorization condition (AC:H) over the network (AV:N); retained privileges grant full control of the managed network, so C/I/A are all High.

CVSS 3.1: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS Vector (Vendor: hackerone)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jul 02, 2026 - 16:17 (EUVD)
Analysis generated: Jul 02, 2026 - 15:40 (vuln.today)

Description (CVE.org)

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.

Analysis (AI)

Privilege persistence in Ubiquiti's UniFi Network Application allows a low-privileged network-adjacent actor to retain granted privileges within the controller even after those privileges are supposed to have been revoked, due to an Incorrect Authorization (CWE-863) flaw. The CVSS 3.1 base score is 7.5 (AV:N/AC:H/PR:L/UI:N) with high confidentiality, integrity, and availability impact, meaning an actor whose access was removed can continue to act with the old authorization. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Hold low-privilege UniFi controller access
Delivery: Administrator revokes the account's privileges
Exploit: Trigger stale authorization condition (AC:H)
Execution: Incorrect authorization honors removed privileges
Persist: Perform privileged config/device actions
Impact: Persist unauthorized control over network

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the actor to already hold, or to have recently held, a low-privilege authenticated role within the UniFi Network Application (CVSS PR:L) and to have network access to the controller (AV:N); the core precondition described is a privilege-revocation event - the actor exploits the flaw to persist privileges after their access 'had been removed.' The AC:H metric and the description's phrase 'under certain conditions' indicate that a specific, non-deterministic state (such as an active/cached session or a particular role-change sequence) must exist for the stale authorization to be honored. …

Risk Assessment: This is a moderately severe issue best treated as a real but conditional risk rather than a mass-exploitation emergency. …

Exploit Scenario: A contractor or junior operator is granted a role in the UniFi Network Application, and later an administrator revokes that access; because of the Incorrect Authorization flaw, under certain conditions the actor's prior privileges are not fully enforced, so from the network they continue to perform privileged controller actions such as modifying network/device configuration. No public POC is available, and the high attack complexity means the specific stale-state condition must be met, but the actor's existing low-privilege foothold is the key enabler.

Remediation: Upgrade the UniFi Network Application to the fixed version identified in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc). A patch is available per the vendor advisory, though the exact patched version string is not included in the provided data and must be read from that bulletin before deployment. …

Recommended Action (AI)

Within 24 hours: Audit all current UniFi controller administrators; enable verbose audit logging and verify that it is active and retained. …

CVE-2026-56842 vulnerability details – vuln.today