CVE-2026-55114

Ubiquiti · UniFi Network Application

An improper access control vulnerability in the Ubiquiti UniFi Network Application allows authenticated users with low privileges to escalate their access within the application.

Executive summary

An improper access control flaw in the Ubiquiti UniFi Network Application enables low-privileged users to escalate their privileges, posing a significant risk to internal network management.

Vulnerability

This is an improper access control vulnerability that allows an authenticated user with low-level privileges to perform unauthorized actions, effectively escalating their role within the application.

Business impact

The ability for a low-privileged user to escalate privileges creates a severe risk of unauthorized administrative control over the entire network infrastructure managed by the UniFi controller. With a CVSS score of 8.8, this high-severity vulnerability could lead to total compromise of network configurations, data exfiltration, or the disruption of critical business connectivity.

Remediation

Immediate Action: Identify and apply the latest security patches provided by Ubiquiti as soon as they become available.

Proactive Monitoring: Review system access logs for unusual administrative activity or role changes associated with low-privileged service accounts.

Compensating Controls: Restrict access to the UniFi Network Application management interface to authorized management subnets only via network-level access control lists.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the potential for unauthorized administrative access, administrators should prioritize the installation of vendor-supplied updates immediately upon release. Restricting access to the management dashboard to known, trusted internal IPs remains a critical defensive layer until patches are successfully deployed.