CORS Misconfiguration in UniFi OS Affects User Sessions
CVE-2026-55110

7.5 HIGH

What is CVE-2026-55110?

A CORS misconfiguration in UniFi OS can be exploited by a malicious actor to manipulate a user's session after luring them to a malicious page. This issue allows unauthorized actions to be triggered within UniFi OS using the authenticated user's privileges, posing a significant risk to user data and application security.

Affected Version(s)

Cloud Gateways 0 < 5.1.19

Cloud Keys 0 < 5.1.19

Dream Machines 0 < 5.1.19

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
