CVE-2026-55117
Ubiquiti · UniFi Access Application
A path traversal vulnerability in the Ubiquiti UniFi Access Application allows an attacker with network access to read arbitrary files from the host device.
Executive summary
A critical path traversal vulnerability in the Ubiquiti UniFi Access Application enables unauthorized file access, posing a severe risk to host system confidentiality.
Vulnerability
This vulnerability is a path traversal flaw that allows an attacker with network access to bypass directory restrictions. By supplying specially crafted input, an attacker can read sensitive files located on the underlying host operating system.
Business impact
The ability to read arbitrary files from the host device can lead to the exposure of configuration files, credentials, and sensitive system data. Given the CVSS score of 8.6, this vulnerability represents a high-risk scenario where an attacker could potentially gain enough information to facilitate a full system compromise.
Remediation
Immediate Action: Apply the latest security updates provided by Ubiquiti as soon as they become available.
Proactive Monitoring: Review system and application logs for unusual file access patterns or suspicious directory traversal strings (e.g., ../) originating from unauthorized network segments.
Compensating Controls: Implement strict network segmentation and restrict access to the UniFi Access management interface to trusted administrative subnets only.
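The log review described under Proactive Monitoring, as an added example that is not part of the original advisory or Ubiquiti's code: it flags request targets containing a ../ segment, including percent-encoded and double-encoded forms, and marks whether the client lies outside the trusted administrative subnet. The log layout, the 10.20.0.0/24 subnet and the sample lines are assumptions constructed for illustration, not UniFi Access output.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the trusted administrative subnet (constructed value).
TRUSTED_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: log layout is '<client-ip> ... "<METHOD> <target> <proto>" <status>'.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A ".." segment after a path/query delimiter, followed by a slash or end of string.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/?&=])\.\.(?:[\\/]|$)')
# Constructed sample lines, not taken from a real UniFi Access log.
SAMPLE_LOG = [
    '10.20.0.15 - - [01/Jan/2026:10:00:00 +0000] "GET /index.html HTTP/1.1" 200',
    '192.0.2.44 - - [01/Jan/2026:10:00:05 +0000] "GET /static/../../etc/hostname HTTP/1.1" 200',
    '192.0.2.44 - - [01/Jan/2026:10:00:06 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc/hostname HTTP/1.1" 404',
    '10.20.0.15 - - [01/Jan/2026:10:00:09 +0000] "GET /download?file=..%252fconfig HTTP/1.1" 403',
    '198.51.100.7 - - [01/Jan/2026:10:00:12 +0000] "GET /files/report..final.pdf HTTP/1.1" 200',
]


def has_traversal(target, max_decodes=3):
    """Check the raw target, then each percent-decoded layer, for a '..' segment."""
    for _ in range(max_decodes + 1):
        if TRAVERSAL_RE.search(target):
            return True
        target = unquote(target)
    return False


def is_trusted(ip_text):
    # An address that does not parse is treated as untrusted.
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_SUBNETS)


def scan(lines):
    """Return one finding per log line whose request target contains traversal."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            findings.append({"line": number, "ip": m["ip"], "status": int(m["status"]),
                             "trusted_source": is_trusted(m["ip"])})
    return findings
```

Calling scan(SAMPLE_LOG) returns findings for lines 2, 3 and 4 only; a 200 status on a flagged line from an untrusted source deserves review first, since it suggests the request was served.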
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability presents a significant risk to host integrity and data confidentiality. Administrators must prioritize the application of vendor-supplied patches as soon as they are released. Until updates are deployed, ensure the management interface is not exposed to untrusted networks.