CVE-2026-55111

HIGH

Ubiquiti INC UniFi Protect Floodlight < 1.13.6 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Title source: rule
STIX 2.1

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.

Scores

CVSS v3 7.5
EPSS 0.0034
EPSS Percentile 25.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
Ubiquiti Inc/UniFi Protect Floodlight < 1.13.6
Published Jul 02, 2026
Tracked Since Jul 02, 2026