Skip to main content

Cloud Keys

6 CVEs product

Monthly

CVE-2026-55112 HIGH PATCH This Week

Privilege escalation in UniFi OS running the UniFi Protect Application (versions below 5.1.19) allows a network-adjacent, low-privileged attacker to gain control of the underlying host device via improper access control. Affected hardware spans Ubiquiti's Dream Machines, Dream Wall, Dream Routers, Cloud Keys, Cloud Gateways, and Network/Enterprise Video Recorders. No public exploit identified at time of analysis; EPSS is low (0.19%) and CISA SSVC records no known exploitation, but the total technical impact and 8.8 CVSS make it a meaningful patch priority.

Authentication Bypass Ubiquiti Dream Machines Dream Wall Dream Routers +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-54401 HIGH PATCH This Week

Privilege escalation via Server-Side Request Forgery affects Ubiquiti UniFi OS devices and the UniFi OS Server across the Dream Machine, Dream Router, Cloud Gateway, Cloud Key, Enterprise Fortress/Firewall, and NVR/EVR product lines running versions below 5.1.19. A low-privileged user with network access can coerce the device into making attacker-controlled internal requests, leveraging the SSRF to reach privileged internal services and elevate to higher privileges within the appliance. No public exploit identified at time of analysis, EPSS risk is low (0.20%, 10th percentile), and the flaw is not listed in CISA KEV, but a vendor patch is available.

SSRF Ubiquiti Unifi Os Server Dream Machines Enterprise Fortress Gateway +9
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-54402 HIGH PATCH This Week

Command injection in Ubiquiti UniFi OS (all builds before 5.1.19) lets a low-privileged user on the same network run arbitrary operating-system commands on the underlying host device, giving full control of gateways, recorders, and Cloud Keys. The flaw stems from improper input validation (CWE-20) and carries high confidentiality, integrity, and availability impact (CVSS 8.8). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as none, but the technical impact is total and a vendor patch is already available.

Command Injection Ubiquiti Unifi Os Server Dream Machines Enterprise Fortress Gateway +9
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-55110 MEDIUM PATCH This Month

Cross-site session abuse in Ubiquiti UniFi OS lets a remote attacker who lures an authenticated operator to a malicious web page ride that user's active session to perform privileged actions on the device, stemming from a permissive CORS policy that trusts untrusted origins. The flaw affects UniFi OS Server and the console firmware running on Dream Machines, Dream Routers, Dream Wall, Cloud Gateways, Cloud Keys, Enterprise Fortress Gateway, Express 7, and Network/Enterprise Video Recorders. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; success hinges on social-engineering an already-logged-in admin (CVSS 7.5, UI:R, AC:H).

Ubiquiti Cors Misconfiguration Information Disclosure Unifi Os Server Dream Machines +10
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-54404 HIGH PATCH This Week

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged, network-adjacent user to chain a series of authenticated SQL injection flaws (CWE-89) to gain elevated privileges on affected UniFi OS instances and hardware. The issue affects UniFi OS Server and a broad range of Ubiquiti gateway, recorder, and Cloud Key appliances. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the CVSS 8.8 rating and low attack complexity make it a meaningful escalation risk once an attacker has any authenticated foothold.

Ubiquiti SQLi Unifi Os Server Dream Machines Enterprise Fortress Gateway +9
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-54403 HIGH PATCH This Week

Authentication bypass in Ubiquiti UniFi OS devices allows a network-adjacent attacker to abuse a path traversal flaw (CWE-22) to reach protected functionality without valid credentials, affecting a broad hardware line including Dream Machines/Routers/Wall, Cloud Gateways/Keys, Express 7, Enterprise Fortress Gateway, and the UniFi OS Server software. The CVSS 8.6 rating is driven by an unauthenticated, low-complexity network vector combined with a scope change (S:C), meaning the compromised authentication boundary exposes managed device data. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of affected consoles makes this a high-priority patch.

Ubiquiti Path Traversal Unifi Os Server Dream Machines Enterprise Fortress Gateway +9
NVD
CVSS 3.1
8.6
EPSS
0.5%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in UniFi OS running the UniFi Protect Application (versions below 5.1.19) allows a network-adjacent, low-privileged attacker to gain control of the underlying host device via improper access control. Affected hardware spans Ubiquiti's Dream Machines, Dream Wall, Dream Routers, Cloud Keys, Cloud Gateways, and Network/Enterprise Video Recorders. No public exploit identified at time of analysis; EPSS is low (0.19%) and CISA SSVC records no known exploitation, but the total technical impact and 8.8 CVSS make it a meaningful patch priority.

Authentication Bypass Ubiquiti Dream Machines +6
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation via Server-Side Request Forgery affects Ubiquiti UniFi OS devices and the UniFi OS Server across the Dream Machine, Dream Router, Cloud Gateway, Cloud Key, Enterprise Fortress/Firewall, and NVR/EVR product lines running versions below 5.1.19. A low-privileged user with network access can coerce the device into making attacker-controlled internal requests, leveraging the SSRF to reach privileged internal services and elevate to higher privileges within the appliance. No public exploit identified at time of analysis, EPSS risk is low (0.20%, 10th percentile), and the flaw is not listed in CISA KEV, but a vendor patch is available.

SSRF Ubiquiti Unifi Os Server +11
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Command injection in Ubiquiti UniFi OS (all builds before 5.1.19) lets a low-privileged user on the same network run arbitrary operating-system commands on the underlying host device, giving full control of gateways, recorders, and Cloud Keys. The flaw stems from improper input validation (CWE-20) and carries high confidentiality, integrity, and availability impact (CVSS 8.8). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as none, but the technical impact is total and a vendor patch is already available.

Command Injection Ubiquiti Unifi Os Server +11
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site session abuse in Ubiquiti UniFi OS lets a remote attacker who lures an authenticated operator to a malicious web page ride that user's active session to perform privileged actions on the device, stemming from a permissive CORS policy that trusts untrusted origins. The flaw affects UniFi OS Server and the console firmware running on Dream Machines, Dream Routers, Dream Wall, Cloud Gateways, Cloud Keys, Enterprise Fortress Gateway, Express 7, and Network/Enterprise Video Recorders. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; success hinges on social-engineering an already-logged-in admin (CVSS 7.5, UI:R, AC:H).

Ubiquiti Cors Misconfiguration Information Disclosure +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged, network-adjacent user to chain a series of authenticated SQL injection flaws (CWE-89) to gain elevated privileges on affected UniFi OS instances and hardware. The issue affects UniFi OS Server and a broad range of Ubiquiti gateway, recorder, and Cloud Key appliances. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the CVSS 8.8 rating and low attack complexity make it a meaningful escalation risk once an attacker has any authenticated foothold.

Ubiquiti SQLi Unifi Os Server +11
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Authentication bypass in Ubiquiti UniFi OS devices allows a network-adjacent attacker to abuse a path traversal flaw (CWE-22) to reach protected functionality without valid credentials, affecting a broad hardware line including Dream Machines/Routers/Wall, Cloud Gateways/Keys, Express 7, Enterprise Fortress Gateway, and the UniFi OS Server software. The CVSS 8.6 rating is driven by an unauthenticated, low-complexity network vector combined with a scope change (S:C), meaning the compromised authentication boundary exposes managed device data. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the ubiquity of affected consoles makes this a high-priority patch.

Ubiquiti Path Traversal Unifi Os Server +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy