CVE-2026-55118

Ubiquiti · UniFi Network Application

An improper access control vulnerability in the Ubiquiti UniFi Network Application allows authenticated users with low privileges to escalate their permissions under certain conditions.

Executive summary

An improper access control flaw in the Ubiquiti UniFi Network Application permits low-privileged users to escalate their permissions, potentially leading to full administrative control.

Vulnerability

This vulnerability involves improper access control within the application, allowing an authenticated attacker with low-level privileges to bypass authorization checks. Under specific conditions, this allows the attacker to gain elevated privileges within the UniFi Network Application environment.

Business impact

Successful privilege escalation allows an attacker to gain unauthorized administrative access, enabling them to modify network configurations or monitor traffic. With a CVSS score of 8.3, this high-severity flaw threatens the overall integrity and security posture of the managed network infrastructure.

Remediation

Immediate Action: Update the UniFi Network Application to the latest version once the vendor patch is released.

Proactive Monitoring: Monitor audit logs for unusual privilege changes or unauthorized administrative actions performed by low-privileged user accounts.

Compensating Controls: Enforce the principle of least privilege by strictly managing user roles and conducting frequent reviews of active user permissions within the application.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Unauthorized privilege escalation can lead to a total loss of control over network infrastructure. Security teams should prioritize patching this vulnerability and audit existing user accounts to ensure no accounts possess excessive permissions that could be leveraged by an attacker.