Improper Access Control in UniFi OS for UniFi Protect Application
CVE-2026-55112

7.5HIGH

Key Information:

Vendor
CVE Published:
2 July 2026

What is CVE-2026-55112?

A vulnerability in UniFi OS pertaining to the UniFi Protect Application allows malicious actors with low privileges and network access to exploit improper access control. This could enable them to escalate their privileges on the affected host device under certain conditions, posing significant security risks to users' systems.

Affected Version(s)

Cloud Gateways 0 < 5.1.19

Cloud Keys 0 < 5.1.19

Dream Machines 0 < 5.1.19

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.