Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.0
CVE-2026-55116: Unauth Changes to UniFi OS Devices via Network Access
CVE-2026-55116
CVE-2026-55116
Summary
A security issue in UniFi OS devices allows unauthorized access to change settings. This could happen if an attacker is on the same network and has the right setup. To protect your devices, ensure you have strong network security and keep your UniFi OS up to date.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| ubiquiti inc | dream machines | < 5.1.19 |
| ubiquiti inc | enterprise fortress gateway | < 5.1.19 |
| ubiquiti inc | dream wall | < 5.1.19 |
| ubiquiti inc | dream routers | < 5.1.19 |
| ubiquiti inc | express 7 | < 5.1.19 |
| ubiquiti inc | cloud gateways | < 5.1.19 |
| ubiquiti inc | enterprise firewall core | < 5.1.19 |
Original title
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauth...
Original description
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
mitre CVSS3.1
9.0
Vulnerability type
CWE-284
Improper Access Control
Published: 2 Jul 2026 · Updated: 3 Jul 2026 · First seen: 2 Jul 2026