CORS Misconfiguration in UniFi OS Affects User Sessions
CVE-2026-55110
7.5HIGH
What is CVE-2026-55110?
A CORS misconfiguration in UniFi OS can be exploited by a malicious actor to manipulate a user's session after luring them to a malicious page. This issue allows unauthorized actions to be triggered within UniFi OS using the authenticated user's privileges, posing a significant risk to user data and application security.
Affected Version(s)
Cloud Gateways 0 < 5.1.19
Cloud Keys 0 < 5.1.19
Dream Machines 0 < 5.1.19
