CVE-2026-55116 – Ubiquiti UniFi Platform
“One weak entry point can quickly become full control when critical vulnerabilities stack together.”
This security update addresses multiple critical vulnerabilities affecting the Ubiquiti UniFi platform, including UniFi Talk Application, UniFi Access Application, UniFi OS Server, UniFi Protect Application, and Dream Machines. The issues include authenticated SQL injection, command injection, improper access control, and server-side request forgership (SSRF), all of which could allow an authenticated attacker on the network to escalate privileges, execute commands, or make unauthorized changes to affected devices.
CVE-2026-50747 has a CVSS score of 9.9, which is Critical severity. CVE-2026-50748 has a CVSS score of 9.9, which is Critical severity. CVE-2026-54400 has a CVSS score of 9.1, which is Critical severity. CVE-2026-54402 has a CVSS score of 9.9, which is Critical severity. CVE-2026-55115 has a CVSS score of 9.9, which is Critical severity. CVE-2026-55116 has a CVSS score of 9.0, which is Critical severity. No verified real-world exploitation or public proof-of-concept has been confirmed for these vulnerabilities.
Key Details
- Affected Product
- Ui Unifi Connect
- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-284