Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-55114

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55115

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55116

Publication date:
02/07/2026
A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55117

Publication date:
02/07/2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55118

Publication date:
02/07/2026
A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55119

Publication date:
02/07/2026
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55110

Publication date:
02/07/2026
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-55111

Publication date:
02/07/2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-54406

Publication date:
02/07/2026
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-54407

Publication date:
02/07/2026
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-54408

Publication date:
02/07/2026
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-54409

Publication date:
02/07/2026
A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026