PT-2026-55246 · Ubiquiti · Cloud Gateways+11

Published

2026-07-02

·

Updated

2026-07-02

·

CVE-2026-55110

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55110

Affected Products

Cloud Gateways
Cloud Keys
Dream Machines
Dream Routers
Dream Wall
Enterprise Firewall Core
Enterprise Fortress Gateway
Enterprise Video Recorders
Express 7
Network Attached Storage
Network Video Recorders
Unifi Os Server