Unifi Talk Application
Monthly
Privilege escalation in Ubiquiti's UniFi Talk Application allows a low-privileged, network-adjacent user to gain elevated privileges within the application through an improper access control (CWE-284) weakness, tracked as CVE-2026-55119 and rated CVSS 8.1. Ubiquiti tagged the issue as an Authentication Bypass, and a successful attack yields high confidentiality and integrity impact (C:H/I:H) over an existing authenticated session without any user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Server-Side Request Forgery in Ubiquiti's UniFi Talk Application allows a network-positioned attacker to coerce the application into making unintended internal requests, resulting in a Denial of Service and an authentication bypass against certain UniFi Talk API endpoints. The flaw carries CVSS 7.5 (scope-changed, high availability impact) and is reachable by remote attackers without authentication (PR:N), though a high attack complexity (AC:H) constrains reliable exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Privilege escalation in Ubiquiti's UniFi Talk Application allows an authenticated attacker holding a low-privileged account to chain multiple SQL injection flaws (CWE-89) and gain elevated control over the underlying host device. The issue carries a critical 9.9 CVSS score driven by network reachability, low attack complexity, and a scope change from the application into the host OS. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low bar of only needing minimal authenticated access makes this a high-priority patch for exposed UniFi Talk deployments.
Privilege escalation in Ubiquiti's UniFi Talk Application allows a low-privileged, network-adjacent user to gain elevated privileges within the application through an improper access control (CWE-284) weakness, tracked as CVE-2026-55119 and rated CVSS 8.1. Ubiquiti tagged the issue as an Authentication Bypass, and a successful attack yields high confidentiality and integrity impact (C:H/I:H) over an existing authenticated session without any user interaction. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Server-Side Request Forgery in Ubiquiti's UniFi Talk Application allows a network-positioned attacker to coerce the application into making unintended internal requests, resulting in a Denial of Service and an authentication bypass against certain UniFi Talk API endpoints. The flaw carries CVSS 7.5 (scope-changed, high availability impact) and is reachable by remote attackers without authentication (PR:N), though a high attack complexity (AC:H) constrains reliable exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Privilege escalation in Ubiquiti's UniFi Talk Application allows an authenticated attacker holding a low-privileged account to chain multiple SQL injection flaws (CWE-89) and gain elevated control over the underlying host device. The issue carries a critical 9.9 CVSS score driven by network reachability, low attack complexity, and a scope change from the application into the host OS. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low bar of only needing minimal authenticated access makes this a high-priority patch for exposed UniFi Talk deployments.