Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems

Home Cyber Security Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying... Ubiquiti UniFi Vulnerabilities Ubiquiti has disclosed two critical-to-high severity vulnerabilities in its widely deployed UniFi Network Application, including a maximum-severity flaw that could allow unauthenticated attackers to seize full control of underlying systems. Organizations running affected versions are urged to patch immediately. CVE-2026-22557: Path Traversal Enables Full System Compromise The more severe of the two flaws, tracked as CVE-2026-22557, is a Path Traversal vulnerability carrying a CVSS v3.1 Base Score of 10.0 (Critical) the highest possible rating. The vulnerability’s vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) confirms that no authentication, user interaction, or special conditions are required to exploit it remotely. A malicious actor with network access could weaponize this flaw to traverse directory boundaries within the UniFi Network Application and access sensitive files on the underlying operating system. Those files could then be manipulated to gain unauthorized access to underlying system accounts, effectively handing an attacker complete administrative control over the host. The vulnerability was discovered and reported by security researcher n00r3 (@izn0u). CVE-2026-22558: NoSQL Injection Enables Privilege Escalation The second flaw, CVE-2026-22558, is an authenticated NoSQL Injection vulnerability rated 7.7 (High) on the CVSS v3.1 scale. Although this vulnerability requires prior authentication (PR:L), it operates across a changed scope (S:C) and achieves high confidentiality impact, making it a potent escalation path for attackers who have already obtained low-level credentials. By injecting malicious NoSQL queries through the application layer, an authenticated attacker could escalate privileges beyond their authorized access level, potentially compromising sensitive network configuration data and internal account structures. The flaw was discovered by Garett Kopcha (@0x5t). Product Affected Version UniFi Network App (Official) 10.1.85 and earlier UniFi Network App (Release Candidate) 10.2.93 and earlier UniFi Express (UX) Network App 9.0.114 and earlier Mitigations Ubiquiti has released patched versions addressing both vulnerabilities simultaneously. Administrators should apply updates without delay: Official Release: Upgrade to UniFi Network Application Version 10.1.89 or later Release Candidate: Upgrade to UniFi Network Application Version 10.2.97 or later UniFi Express (UX): Update firmware to Version 4.0.13 or later, which bundles Network Application Version 9.0.118 or later Given the perfect CVSS score of CVE-2026-22557, network segmentation and strict firewall rules limiting exposure of the UniFi Network Application management interface should be implemented as an additional defensive layer. Ubiquiti customers running any affected version in internet-accessible environments face particularly elevated risk and should treat this as an emergency patch. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News ‘Vibe-Coded’ Malware Campaign Uses Fake Tools, CDNs and File Hosts to Infect Users Cyber Security News Malicious ‘Pyronut’ Package Backdoors Telegram Bots With Remote Code Execution AI Claude Vulnerabilities Allow Data Exfiltration and User Redirection to Malicious Sites Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026