CVE-2026-22557

CRITICAL

Ubiquiti INC Unifi Network Application < 10.1.89 - Path Traversal

Title source: rule

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Exploits (1)

nomisec SCANNER

by GarethMSheldon · poc

https://github.com/GarethMSheldon/cve-2026-22557-unifi-detection

View Code ZIP pw:eip

References (1)

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

Scores

CVSS v3 10.0

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (3)

Ubiquiti Inc/UniFi Network Application < 10.1.89

Ubiquiti Inc/UniFi Network Application < 10.2.97

Ubiquiti Inc/UniFi Network Application < 9.0.118

Published Mar 19, 2026

Tracked Since Mar 19, 2026