CVE-2026-55115 | Severity: CRITICAL | CNA: hackerone

CVE-2026-55115: A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device

Metrics

  • CVSS v3.1 base score: 9.9
  • Severity: CRITICAL
  • Fixed in: 7.1.83
  • Affected products: 1


HarborGuard Analysis

Synopsis

A Server-Side Request Forgery (SSRF) vulnerability affects the UniFi Protect Application by Ubiquiti Inc. The flaw is reachable over the network and requires only a low-privilege account; no additional user interaction is necessary. Successful exploitation allows an attacker to escalate privileges on the host device, with full confidentiality, integrity, and availability impact on resources beyond the application itself. A patched-image rebuild at version 7.1.83 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-55115 is available across every HarborGuard environment; the CVE is matched against customer images within minutes of ingestion from upstream feeds, including custom-built images that bundle the UniFi Protect Application. Coverage applies to images in both connected registries and active CI/CD pipelines.

Triage: Available

HarborGuard is capable of surfacing this CVE with its CVSS v3.1 score of 9.9 (Critical) and applying per-environment compliance policy weighting to determine urgency. Triage routing directs findings to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Available

A patched-image rebuild targeting UniFi Protect Application version 7.1.83 becomes available through HarborGuard once the affected image is identified. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the UniFi Protect Application service over the network (AV:N); no local access or physical presence is required.

  • Authentication: Required (low privilege)

    A low-privilege account on the application is sufficient (PR:L); no administrative or elevated credentials are needed to begin the attack.

  • Victim interaction: Not required

    No action from another user or victim is necessary (UI:N); the attacker can trigger the SSRF entirely on their own.

  • Attack complexity: Low

    The vector rates attack complexity Low (AC:L): no race conditions, special memory layout, or environmental prerequisites are needed, so the attack is reliably repeatable once the attacker holds a low-privilege account.

Blast Radius

The advisory states only that the SSRF can be used to escalate privileges on the host device; the impacts below are inferred from the CVSS vector (scope changed, with High confidentiality, integrity and availability impact), not from published exploit details.

  • Reads sensitive data from internal services reachable by the host, potentially including configuration files, credentials, and session material.
  • Modifies data or issues commands to internal network services by forging requests that originate from the trusted host.
  • Escalates privileges on the underlying host device, potentially gaining root or system-level control.
  • Crashes or disrupts the host device or dependent services through unrestricted access to internal endpoints.
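The blast radius above follows from one property of SSRF: a user-supplied URL is fetched from the host's own network position, so loopback, link-local and private-range targets become reachable. The following is an added, generic illustration of the outbound-URL check that closes that gap; it is not UniFi Protect code and not the vendor's fix (the advisory does not describe either). The hostnames and the DEMO_DNS table are constructed for an offline run; the resolver is injectable so the same function can use the OS resolver in production.

```python
"""Outbound-URL validation against SSRF (added, generic illustration).

Refuses targets that land on loopback, link-local, private or otherwise
non-routable space, resolves names itself, and hands back the vetted IP so
the caller connects to that exact address instead of re-resolving (which
would reopen a DNS-rebinding window). Redirects must be re-checked per hop
with the same function.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolve(host):
    """All A/AAAA answers for host from the OS resolver (production path)."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)]


def is_internal(ip_text):
    """True for any address a server-side fetch must never reach."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:  # unwrap ::ffff:127.0.0.1
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_target(url, resolve=system_resolve):
    """Return (allowed, reason, ip); ip is the address the caller must connect to."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL", None  # http://trusted.example@127.0.0.1/ style tricks
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        addrs = [str(ipaddress.ip_address(host))]  # canonical IP literal
    except ValueError:
        # Names and non-canonical literals ("127.1", "0x7f000001") go through the
        # resolver, which is what the real fetch would do with them anyway.
        try:
            addrs = resolve(host)
        except OSError:  # socket.gaierror is an OSError
            return False, "name resolution failed", None
    if not addrs:
        return False, "no addresses", None
    for addr in addrs:
        if is_internal(addr):  # every answer must be external, not just the first
            return False, f"resolves to internal address {addr}", None
    return True, "ok", addrs[0]


# Constructed DNS table for the offline demo; the names are hypothetical.
DEMO_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],
}


def demo_resolve(host):
    """Offline stand-in for system_resolve backed by DEMO_DNS."""
    if host in DEMO_DNS:
        return DEMO_DNS[host]
    raise socket.gaierror(f"unknown host {host}")


def demo():
    """Run the check over a constructed set of attacker-style URLs."""
    urls = [
        "https://api.example.com/v1/status",
        "http://127.0.0.1:8080/",
        "http://[::ffff:127.0.0.1]/",
        "http://metadata.internal/latest/",
        "http://rebind.example/",
        "ftp://api.example.com/",
        "http://admin@api.example.com/",
    ]
    return {u: check_outbound_target(u, resolve=demo_resolve) for u in urls}


if __name__ == "__main__":
    for url, result in demo().items():
        print(f"{url:40} -> {result}")
```

Only the first URL in `demo()` is allowed; the rest are refused for a loopback literal, an IPv4-mapped loopback, a link-local metadata address, a mixed external/private answer set, a disallowed scheme and embedded userinfo respectively.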

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-55115 is active across all connected registries and pipelines, matching any image that includes a vulnerable version of UniFi Protect Application (below 7.1.83). Given the Critical severity and the scope-changed CVSS vector, this CVE is prioritized for immediate triage routing. A patched-image rebuild at version 7.1.83 is available for qualifying images. For customers who opt into auto-remediation, HarborGuard initiates the rebuild, executes a regression test run against the updated image, and opens a pull request against affected workloads; the median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual review before merging, the PR and associated test results are staged and waiting for approval.

Fix available: 7.1.83

Affected packages
  • Ubiquiti Inc / UniFi Protect Application: all versions below 7.1.83 (range from 0, fixed in 7.1.83)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H