CVE-2026-55118
Ubiquiti · UniFi Network Application
An improper access control vulnerability in the Ubiquiti UniFi Network Application allows authenticated users with low privileges to escalate their permissions under certain conditions.
Executive summary
An improper access control flaw in the Ubiquiti UniFi Network Application permits low-privileged users to escalate their permissions, potentially leading to full administrative control.
Vulnerability
This vulnerability involves improper access control within the application, allowing an authenticated attacker with low-level privileges to bypass authorization checks. Under specific conditions, this allows the attacker to gain elevated privileges within the UniFi Network Application environment.
Business impact
Successful privilege escalation allows an attacker to gain unauthorized administrative access, enabling them to modify network configurations or monitor traffic. With a CVSS score of 8.3, this high-severity flaw threatens the overall integrity and security posture of the managed network infrastructure.
Remediation
Immediate Action: Update the UniFi Network Application to the latest version once the vendor patch is released.
Proactive Monitoring: Monitor audit logs for unusual privilege changes or unauthorized administrative actions performed by low-privileged user accounts.
Compensating Controls: Enforce the principle of least privilege by strictly managing user roles and conducting frequent reviews of active user permissions within the application.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Unauthorized privilege escalation can lead to a total loss of control over network infrastructure. Security teams should prioritize patching this vulnerability and audit existing user accounts to ensure no accounts possess excessive permissions that could be leveraged by an attacker.