CVE Catalog

CVE-2026-55110

High · CVSS 7.5

Summary

A vulnerability in UniFi OS stems from a misconfigured CORS policy, allowing an attacker to lure an authenticated user to a malicious page and trigger actions in the system using that user's session.

Risk Assessment

An attacker could hijack an administrator's session and perform unauthorized operations, such as modifying configuration or stealing sensitive data.

Recommendation

Immediately update UniFi OS to the latest patched version and verify CORS configuration in the production environment.

Original NVD description (English source)

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS