Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-56841

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-56842

Publication date:
02/07/2026
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55112

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55113

Publication date:
02/07/2026
A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55114

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55115

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55116

Publication date:
02/07/2026
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55117

Publication date:
02/07/2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55118

Publication date:
02/07/2026
A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55119

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-54404

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55110

Publication date:
02/07/2026
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026