CVE-2026-55115

Ubiquiti · UniFi Protect Application

A Server-Side Request Forgery (SSRF) vulnerability in the Ubiquiti UniFi Protect Application allows authenticated low-privilege network users to escalate privileges on the host device.

Executive summary

A critical SSRF vulnerability in the Ubiquiti UniFi Protect Application enables authenticated network users with low privileges to achieve privilege escalation on the host system.

Vulnerability

The application is susceptible to Server-Side Request Forgery: an authenticated attacker can induce the application to issue internal requests on their behalf and thereby gain elevated privileges. This bypasses the access-level boundaries the Protect application is meant to enforce between user roles.
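The general defence against this vulnerability class is to validate every server-side fetch destination before a socket is opened. The following is an added, generic example and is not UniFi Protect code or Ubiquiti's fix; the allowlisted hostnames, the injectable resolver and the function names are assumptions for illustration. It rejects non-HTTPS schemes, embedded credentials, IP literals, hosts outside an allowlist, and any hostname that resolves to a loopback, private, link-local (including IPv4-mapped IPv6) or otherwise non-global address.

```python
"""Outbound-request guard against SSRF (added example, not product code)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist: only the external hosts the service legitimately talks to.
ALLOWED_HOSTS = {"updates.example.com", "api.example.com"}
ALLOWED_SCHEMES = {"https"}


def _is_internal(ip):
    """True for any address a server must never be tricked into contacting."""
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) must be judged as the embedded IPv4.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _default_resolve(host):
    """Return every address the host resolves to (A and AAAA)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_outbound_url(url, resolve=_default_resolve):
    """Return (ok, reason). ok is True only when every check passes.

    `resolve` is injectable so the check can be tested without DNS.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # already lower-cased, brackets stripped for IPv6
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    # An IP literal sidesteps the hostname allowlist entirely: reject it.
    try:
        ipaddress.ip_address(host)
        return False, "IP literal not allowed"
    except ValueError:
        pass
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    try:
        addrs = resolve(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    # A name may carry several records; one internal answer is enough to fail.
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, f"unparseable address {addr!r}"
        if _is_internal(ip):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed resolver answers so the demo runs offline.
    public = lambda h: ["93.184.216.34"]
    print(check_outbound_url("https://api.example.com/v1/status", resolve=public))
    print(check_outbound_url("https://api.example.com/v1/status",
                             resolve=lambda h: ["::ffff:169.254.169.254"]))
    print(check_outbound_url("https://127.0.0.1/api/users"))
```

Because the check resolves the name and the HTTP client would resolve it again, a name that changes answers between the two lookups (DNS rebinding) can slip past; in production, connect to the address that passed the check rather than letting the client resolve the hostname a second time.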

Business impact

With a CVSS score of 9.9, this vulnerability poses a significant risk to the security of surveillance and management infrastructure. Successful exploitation allows an attacker to gain administrative control over the application, potentially leading to unauthorized access to video feeds, system configuration modification, and further compromise of the host environment.

Remediation

Immediate Action: Apply the latest security updates for the UniFi Protect Application as released by Ubiquiti.

Proactive Monitoring: Monitor application logs for suspicious internal API requests or unusual lateral movement attempts originating from low-privilege user accounts.
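One way to turn the monitoring advice above into a concrete check, as an added example that is not Ubiquiti tooling: parse request logs, keep the role of the requesting account, and flag any low-privilege account whose requests target a loopback, link-local or private address. The log line format, the role names and the sample lines below are constructed for illustration; a real deployment must adapt the parser to the actual log format of the Protect application.

```python
"""Flag internal-target requests made by low-privilege accounts (added example)."""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log; the format is an assumption, not the product's own.
SAMPLE_LOG = """\
2026-01-10T08:00:01Z user=viewer1 role=viewer method=GET target=https://cdn.example.com/thumb.jpg
2026-01-10T08:00:07Z user=viewer1 role=viewer method=GET target=http://127.0.0.1:8080/api/users
2026-01-10T08:00:09Z user=admin1 role=admin method=POST target=http://127.0.0.1:8080/api/users
2026-01-10T08:00:12Z user=viewer1 role=viewer method=GET target=http://169.254.169.254/latest/meta-data
2026-01-10T08:00:15Z user=viewer2 role=viewer method=GET target=https://cdn.example.com/thumb2.jpg
2026-01-10T08:00:20Z user=viewer2 role=viewer method=GET target=http://localhost/api/config
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) "
    r"method=(?P<method>\S+) target=(?P<target>\S+)$"
)
LOW_PRIV_ROLES = {"viewer", "limited"}  # assumed names for non-admin roles


def parse_line(line):
    """Return a dict of fields, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_internal_target(url):
    """True when the request host is localhost or a non-global IP literal."""
    host = urlsplit(url).hostname
    if not host:
        return False
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name: resolution is out of scope for a log check
    return ip.is_loopback or ip.is_link_local or ip.is_private


def find_suspicious(log_text):
    """Return one finding per request by a low-privilege user to an internal target."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["role"] not in LOW_PRIV_ROLES:
            continue
        if is_internal_target(rec["target"]):
            findings.append({
                "ts": rec["ts"], "user": rec["user"], "role": rec["role"],
                "target": rec["target"],
                "reason": "low-privilege account reached an internal endpoint",
            })
    return findings


def per_user_counts(findings):
    """Count findings per user so repeat offenders surface first."""
    return Counter(f["user"] for f in findings)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["user"]} ({h["role"]}) -> {h["target"]}: {h["reason"]}')
    print(per_user_counts(hits))
```

The admin request to the same internal endpoint is deliberately not flagged: the signal the advisory describes is the combination of a low-privilege role and an internal destination, and alerting on role alone would drown the finding in legitimate administrative traffic.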

Compensating Controls: Restrict access to the UniFi Protect management portal via firewall rules to ensure only trusted network segments can interact with the service.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the potential for privilege escalation, this vulnerability represents an immediate threat to the confidentiality and integrity of the UniFi Protect environment. Organizations must expedite the deployment of vendor-supplied patches to mitigate the risk of unauthorized administrative access.