ГлавнаяУязвимости → CVE-2026-55110
7.5высокая

CVE-2026-55110

Описание

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

Затрагиваемое ПО
Ui Unifi os serverUi Unifi dream machine beast firmwareUi Unifi dream machine beastUi Unifi dream machine pro firmwareUi Unifi dream machine proUi Unifi dream machine special edition firmwareUi Unifi dream machine special editionUi Unifi dream machine pro max firmwareUi Unifi dream machine pro maxUi Enterprise fortress gateway firmwareUi Enterprise fortress gatewayUi Unifi dream router firmwareUi Unifi dream routerUi Unifi dream wall firmwareUi Unifi dream wallUi Unifi dream router 7 firmwareUi Unifi dream router 7Ui Unifi express 7 firmwareUi Unifi express 7Ui Unifi cloudkey firmwareUi Unifi cloudkeyUi Unifi cloud key plus firmwareUi Unifi cloud key plusUi Unifi cloudkey enterprise firmwareUi Unifi cloudkey enterprise
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc