GHSA-fwmw-87x4-wjv5HighCVSS 7.5

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross...

Published
July 2, 2026
Last Modified
July 2, 2026

🔗 CVE IDs covered (1)

📋 Description

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

🔗 References (3)