CVE-2026-55116 CRITICAL

CVE-2026-55116

Vendor Ubiquiti Inc
Product Dream Machines
Weakness CWE-284
Published July 2, 2026
Last update July 2, 2026

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Key dates

02Disclosure timeline

July 2, 2026 CVE published
July 2, 2026 Record updated