CVE Catalog
CVE-2026-55110
High, CVSS 7.5
Summary
A vulnerability in UniFi OS stems from a misconfigured CORS policy, allowing an attacker to lure an authenticated user to a malicious page and trigger actions in the system using that user's session.
Risk Assessment
An attacker could hijack an administrator's session and perform unauthorized operations, such as modifying configuration or stealing sensitive data.
Recommendation
Immediately update UniFi OS to the latest patched version and verify the CORS configuration in the production environment.
Original NVD description (English source)
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

