Critical Ubiquiti UniFi Vulnerabilities Expose Systems to Full Control Exploits
Ubiquiti, a leading provider of networking technology, has recently disclosed two significant vulnerabilities within its UniFi Network Application. These flaws, identified as CVE-2026-22557 and CVE-2026-22558, pose substantial security risks, potentially allowing attackers to gain complete control over affected systems. Organizations utilizing impacted versions are strongly advised to implement the recommended patches without delay.
CVE-2026-22557: Path Traversal Vulnerability Leading to Full System Compromise
The more critical of the two vulnerabilities, CVE-2026-22557, is a path traversal flaw that has been assigned a CVSS v3.1 Base Score of 10.0, indicating the highest level of severity. This vulnerability allows unauthenticated attackers with network access to traverse directory structures within the UniFi Network Application. By exploiting this flaw, malicious actors can access sensitive files on the underlying operating system, potentially leading to unauthorized access to system accounts and full administrative control over the host. Notably, this exploit requires no authentication, user interaction, or special conditions, making it particularly dangerous. The vulnerability was discovered and reported by security researcher n00r3 (@izn0u).
CVE-2026-22558: NoSQL Injection Vulnerability Enabling Privilege Escalation
The second vulnerability, CVE-2026-22558, is an authenticated NoSQL injection flaw with a CVSS v3.1 score of 7.7, categorizing it as high severity. This vulnerability allows authenticated users to inject malicious NoSQL queries through the application layer, potentially escalating their privileges beyond authorized levels. Such exploitation could compromise sensitive network configuration data and internal account structures. Although this flaw requires prior authentication, its potential impact on confidentiality and integrity is significant. The vulnerability was discovered by Garett Kopcha (@0x5t).
Affected Versions and Mitigation Measures
The vulnerabilities affect the following versions of the UniFi Network Application:
– Official Release: Versions 10.1.85 and earlier
– Release Candidate: Versions 10.2.93 and earlier
– UniFi Express (UX) Network Application: Versions 9.0.114 and earlier
To address these vulnerabilities, Ubiquiti has released patched versions:
– Official Release: Upgrade to UniFi Network Application Version 10.1.89 or later
– Release Candidate: Upgrade to UniFi Network Application Version 10.2.97 or later
– UniFi Express (UX): Update firmware to Version 4.0.13 or later, which includes Network Application Version 9.0.118 or later
Given the critical nature of CVE-2026-22557, it is imperative for administrators to apply these updates immediately. Additionally, implementing network segmentation and strict firewall rules to limit exposure of the UniFi Network Application management interface can serve as an extra layer of defense. Organizations operating affected versions in internet-accessible environments are at heightened risk and should prioritize these patches as an emergency measure.
Broader Context of Ubiquiti Vulnerabilities
These recent disclosures are part of a series of security challenges faced by Ubiquiti’s UniFi products:
– UniFi Door Access App Vulnerability: In October 2025, a critical flaw was identified in the UniFi Access application, exposing its management API without authentication. This vulnerability allowed attackers on the management network to potentially take full control of door access systems, posing significant risks to physical security. ([cybersecuritynews.com](https://cybersecuritynews.com/ubiquiti-unifi-door-access-app-vulnerability/?utm_source=openai))
– UniFi Devices Command Injection Vulnerability: In July 2025, a command injection vulnerability (CVE-2025-27212) was discovered in multiple UniFi Access devices. This flaw enabled remote attackers to execute malicious commands, compromising physical security systems. ([cybersecuritynews.com](https://cybersecuritynews.com/ubiquiti-unifi-devices-vulnerability/?utm_source=openai))
– UniFi Protect Camera Remote Code Execution: In May 2025, a critical vulnerability (CVE-2025-23123) was found in UniFi Protect Cameras, allowing remote code execution through a heap buffer overflow. This flaw could lead to complete system compromise, including unauthorized access to surveillance feeds. ([cybersecuritynews.com](https://cybersecuritynews.com/ubiquiti-unifi-protect-camera-vulnerability/?utm_source=openai))
These incidents underscore the importance of regular security assessments and prompt application of patches to maintain the integrity and security of network infrastructure.
Conclusion
The disclosure of CVE-2026-22557 and CVE-2026-22558 highlights the critical need for organizations using Ubiquiti’s UniFi Network Application to take immediate action. By applying the recommended updates and implementing additional security measures, organizations can protect their systems from potential exploitation and maintain the security of their network environments.
