Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration in UniFi OS Enabling Unauthorized Actions via Authenticated User Session |
Mon, 06 Jul 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration in UniFi OS Enabling Unauthorized Actions via Authenticated User Session |
Sun, 05 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration Exploitable by Authenticated Users in UniFi OS |
Sun, 05 Jul 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration Exploitable by Authenticated Users in UniFi OS |
Sun, 05 Jul 2026 02:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | UniFi OS CORS Misconfiguration Allows Unauthorized Actions in Authenticated Sessions |
Sat, 04 Jul 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | UniFi OS CORS Misconfiguration Allows Unauthorized Actions in Authenticated Sessions |
Sat, 04 Jul 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration in UniFi OS Enabling Unauthorized Actions |
Fri, 03 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration in UniFi OS Enabling Unauthorized Actions |
Fri, 03 Jul 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration Enables Authenticated Session Abuse in UniFi OS |
Thu, 02 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CORS Misconfiguration Enables Authenticated Session Abuse in UniFi OS |
Thu, 02 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 02 Jul 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. | |
| Weaknesses | CWE-942 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2026-07-02T15:52:20.711Z
Reserved: 2026-06-16T15:00:01.614Z
Link: CVE-2026-55110
Updated: 2026-07-02T15:41:36.930Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-06T23:30:12Z