7.5 CVE-2026-55110

Enriched by CISA
 

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. Because the browser attaches the victim's existing UniFi OS session to the cross-origin request, the attacker's page needs no credentials of its own; the impact is bounded by what the lured user is authorized to do. Versions before 5.1.19 of the products listed under AFFECTED below are reported as affected.
https://nvd.nist.gov/vuln/detail/CVE-2026-55110

Categories

CWE-942 : Permissive Cross-domain Security Policy with Untrusted Domains
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.

Detection: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).

Mitigation: Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file. Avoid using wildcards in the CSP / cross-domain policy file: any domain matching the wildcard expression will be implicitly trusted and can perform two-way interaction with the target server. For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.

Observed examples:
  • Product has a Silverlight cross-domain policy that does not restrict access to another application, which allows remote attackers to bypass the Same Origin Policy.
  • The default Flash Cross Domain policies in a product allow remote attackers to access user files.
  • Chain: Adobe Flash Player does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
  • Chain: Adobe Flash Player and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.
  • Chain: Adobe Flash Player does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.
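The following is an added example, not UniFi OS or Ubiquiti code and not a reproduction of CVE-2026-55110 (the page does not say which form the UniFi OS CORS misconfiguration takes). It is a generic Node.js illustration of CWE-942 as it shows up in CORS: the classic weak handler that reflects any Origin header while setting Access-Control-Allow-Credentials: true, placed beside an exact-match allow-list, plus the response check a tester would run. The allow-list entry https://unifi.example.internal, the probe origins and all function names are hypothetical.

```javascript
// Added illustration of CWE-942 in a CORS handler. NOT UniFi OS / Ubiquiti code
// and not a reproduction of CVE-2026-55110: every name, origin and allow-list
// entry here is hypothetical.

// Hypothetical allow-list for the hardened handler: exact origins only.
const ALLOWED_ORIGINS = new Set(['https://unifi.example.internal']);

// Weak handler: echoes whatever Origin the browser sent and also allows
// credentials. Any page, on any origin, can then read authenticated responses
// and send state-changing requests that carry the victim's session cookie,
// e.g. fetch('https://<target>/...', { credentials: 'include' }).
function corsHeadersVulnerable(originHeader) {
  if (originHeader === undefined) return {};
  return {
    'Access-Control-Allow-Origin': originHeader,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened handler: exact-match allow-list (no wildcards, no prefix/suffix or
// regex matching), and 'Vary: Origin' so a shared cache never replays one
// origin's CORS headers to another. Unknown origins get no ACAO at all.
function corsHeadersHardened(originHeader) {
  if (originHeader === undefined || !ALLOWED_ORIGINS.has(originHeader)) {
    return { Vary: 'Origin' };
  }
  return {
    'Access-Control-Allow-Origin': originHeader,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Response check a tester would apply: the exploitable combination is an ACAO
// that names an untrusted origin (including the literal "null") together with
// Allow-Credentials: true. "*" is excluded because browsers refuse to send
// credentials when ACAO is a wildcard, so "*" + credentials is a policy smell
// rather than a credentialed cross-origin read.
function isCredentialedCorsMisconfig(headers, trusted) {
  const acao = headers['Access-Control-Allow-Origin'];
  const acac = headers['Access-Control-Allow-Credentials'];
  if (acac !== 'true' || acao === undefined || acao === '*') return false;
  return !trusted.has(acao);
}

// Origins a tester would try: the legitimate one, an arbitrary attacker origin,
// a suffix-confusion origin (defeats "endsWith"-style allow-lists), and "null"
// (sandboxed iframes and file:// pages, which some allow-lists wave through).
const PROBE_ORIGINS = [
  'https://unifi.example.internal',
  'https://attacker.example',
  'https://unifi.example.internal.attacker.example',
  'null',
];

// Runs every probe origin through a handler and reports which ones are flagged.
function probe(handler) {
  const flagged = {};
  for (const origin of PROBE_ORIGINS) {
    flagged[origin] = isCredentialedCorsMisconfig(handler(origin), ALLOWED_ORIGINS);
  }
  return flagged;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', probe(corsHeadersVulnerable));
  console.log('hardened: ', probe(corsHeadersHardened));
}
```

Against a live target the same check is run by sending requests with a handful of Origin values (an arbitrary origin, the legitimate origin with an attacker suffix, and null) and inspecting the returned Access-Control-Allow-Origin and Access-Control-Allow-Credentials headers; the dangerous pattern is credentials allowed together with an untrusted origin echoed back, which is what the lure-the-user scenario in the description relies on.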

References


 

AFFECTED (from MITRE)


Vendor Product Versions
Ubiquiti Inc UniFi OS Server
  • < 5.1.19 [affected]
Ubiquiti Inc Dream Machines
  • < 5.1.19 [affected]
Ubiquiti Inc Enterprise Fortress Gateway
  • < 5.1.19 [affected]
Ubiquiti Inc Dream Wall
  • < 5.1.19 [affected]
Ubiquiti Inc Dream Routers
  • < 5.1.19 [affected]
Ubiquiti Inc Express 7
  • < 5.1.19 [affected]
Ubiquiti Inc Cloud Keys
  • < 5.1.19 [affected]
Ubiquiti Inc Network Video Recorders
  • < 5.1.19 [affected]
Ubiquiti Inc Enterprise Video Recorders
  • < 5.1.19 [affected]
Ubiquiti Inc Cloud Gateways
  • < 5.1.19 [affected]
Ubiquiti Inc Network Attached Storage
  • < 5.1.19 [affected]
Ubiquiti Inc Enterprise Firewall Core
  • < 5.1.19 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry