Server-Side Request Forgery in UniFi Protect Application by Ubiquiti
CVE-2026-55115

9.9CRITICAL

Key Information:

Vendor
CVE Published:
2 July 2026

What is CVE-2026-55115?

The UniFi Protect Application is susceptible to a Server-Side Request Forgery (SSRF) vulnerability, which enables a malicious actor with low privileges and network access to potentially escalate privileges on the host device. This vulnerability highlights the importance of securing network applications against unauthorized access, as exploitation could lead to increased control and possible data compromise within the affected systems. For further details, check the security advisory from Ubiquiti.

Affected Version(s)

UniFi Protect Application 0 < 7.1.83

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.