CVE-2026-22557

CRITICAL

Ubiquiti Inc UniFi Network Application < 10.1.89 - Path Traversal

Title source: rule

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Exploits (4)

github FAILED 4 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-22557

nomisec WORKING POC
by ThePotatoOfDoom · poc
https://github.com/ThePotatoOfDoom/CVE-2026-22557-PoC

nomisec SCANNER
by 0xBlackash · poc
https://github.com/0xBlackash/CVE-2026-22557

nomisec SCANNER
by GarethMSheldon · poc
https://github.com/GarethMSheldon/cve-2026-22557-unifi-detection

Scores

CVSS v3 10.0
EPSS 0.0003
EPSS Percentile 10.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-22
Status published
Products (3)
Ubiquiti Inc/UniFi Network Application 10.1.89
Ubiquiti Inc/UniFi Network Application 10.2.97
Ubiquiti Inc/UniFi Network Application 9.0.118
Published Mar 19, 2026
Tracked Since Mar 19, 2026