{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-55118","assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","state":"PUBLISHED","assignerShortName":"hackerone","dateReserved":"2026-06-16T15:00:01.614Z","datePublished":"2026-07-02T14:50:48.734Z","dateUpdated":"2026-07-02T15:51:29.494Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application."}],"affected":[{"defaultStatus":"unaffected","vendor":"Ubiquiti Inc","product":"UniFi Network Application","versions":[{"version":"0","status":"affected","lessThan":"10.4.57","versionType":"semver"}]}],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","cweId":"CWE-284","description":"CWE-284 Improper Access Control - Generic"}]}],"providerMetadata":{"orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone","dateUpdated":"2026-07-02T14:50:48.734Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-07-02T15:48:43.036653Z","id":"CVE-2026-55118","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-02T15:51:29.494Z"}}]}}