CVE-2026-22557

CRITICAL

UniFi Network Application 9.0.118-10.1.89, 10.2.97 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2026-22557. PoCs published by adminlove520, ThePotatoOfDoom, 0xBlackash.

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Exploits (4)

nomisec WORKING POC
by ThePotatoOfDoom · poc
https://github.com/ThePotatoOfDoom/CVE-2026-22557-PoC

The repository contains a functional Python exploit for CVE-2026-22557, a pre-authentication path traversal vulnerability in the UniFi Network Application guest portal. The exploit leverages the `page_error` query parameter to read arbitrary files from the web application context, potentially extending to system files under specific conditions.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: UniFi Network Application (guest portal)
No auth needed
Prerequisites: Access to the guest portal endpoint · Target running vulnerable UniFi Network Application
devstral-2 · analyzed Apr 12, 2026

nomisec SCANNER
by 0xBlackash · poc
https://github.com/0xBlackash/CVE-2026-22557

The repository contains a Python script that tests for CVE-2026-22557, a critical path traversal vulnerability in Ubiquiti UniFi Network Application. It sends HTTP requests with various traversal payloads to detect potential vulnerabilities but does not exploit them.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Ubiquiti UniFi Network Application (≤ 10.1.85, ≤ 10.2.93)
No auth needed
Prerequisites: Network access to the target UniFi controller
devstral-2 · analyzed Apr 09, 2026

nomisec SCANNER
by GarethMSheldon · poc
https://github.com/GarethMSheldon/cve-2026-22557-unifi-detection

This repository provides a detection script and SIEM rules for identifying CVE-2026-22557, a path traversal vulnerability in Ubiquiti UniFi Network Application. It includes version checks, log scanning, and network exposure tests but does not contain exploit code.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Ubiquiti UniFi Network Application < 10.1.89, < 10.2.97, < 9.0.118
No auth needed
Prerequisites: access to UniFi logs or network interface
devstral-2 · analyzed Mar 23, 2026

Scores

CVSS v3: 10.0
EPSS: 0.0003
EPSS Percentile: 9.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-22
Status: published
Products (3):
Ubiquiti Inc/UniFi Network Application 10.1.89
Ubiquiti Inc/UniFi Network Application 10.2.97
Ubiquiti Inc/UniFi Network Application 9.0.118
Published: Mar 19, 2026
Tracked Since: Mar 19, 2026