CVE-2026-55114
Ubiquiti · UniFi Network Application
An improper access control vulnerability in the Ubiquiti UniFi Network Application allows authenticated users with low privileges to escalate their access within the application.
Executive summary
An improper access control flaw in the Ubiquiti UniFi Network Application enables low-privileged users to escalate their privileges, posing a significant risk to internal network management.
Vulnerability
This is an improper access control vulnerability that allows an authenticated user with low-level privileges to perform unauthorized actions, effectively escalating their role within the application.
Business impact
The ability for a low-privileged user to escalate privileges creates a severe risk of unauthorized administrative control over the entire network infrastructure managed by the UniFi controller. With a CVSS score of 8.8, this high-severity vulnerability could lead to total compromise of network configurations, data exfiltration, or the disruption of critical business connectivity.
Remediation
Immediate Action: Identify and apply the latest security patches provided by Ubiquiti as soon as they become available.
Proactive Monitoring: Review system access logs for unusual administrative activity or role changes associated with low-privileged service accounts.
Compensating Controls: Restrict access to the UniFi Network Application management interface to authorized management subnets only via network-level access control lists.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the potential for unauthorized administrative access, administrators should prioritize the installation of vendor-supplied updates immediately upon release. Restricting access to the management dashboard to known, trusted internal IPs remains a critical defensive layer until patches are successfully deployed.