CVE-2026-22557
CRITICAL NUCLEIUniFi Network Application 9.0.118-10.1.89, 10.2.97 - Path Traversal
Title source: llmExploitation Summary
EIP tracks 7 public exploits for CVE-2026-22557. PoCs published by adminlove520, SecureWithUmer, gagaltotal. A Nuclei detection template is also available.
AI-analyzed exploit summary This Python script tests for CVE-2026-22557, a critical unauthenticated path traversal vulnerability in Ubiquiti UniFi Network Application. The script sends crafted HTTP requests with directory traversal payloads to common UniFi API endpoints to detect potential file read access (e.g., /etc/passwd).
Description
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Exploits (7)
This Python script tests for CVE-2026-22557, a critical unauthenticated path traversal vulnerability in Ubiquiti UniFi Network Application. The script sends crafted HTTP requests with directory traversal payloads to common UniFi API endpoints to detect potential file read access (e.g., /etc/passwd).
This repository contains a Go-based scanner for CVE-2026-22557, targeting path traversal vulnerabilities in the UniFi Network Application. The tool tests multiple endpoints with various traversal payloads to detect potential vulnerabilities without exploiting them.
This repository contains a detection tool for CVE-2026-22557, an unauthenticated path-traversal vulnerability in UniFi Network Application's guest captive portal. The tool checks for vulnerability by probing the `page_error` parameter and determining if the traversal fires, without exploiting the vulnerability.
The repository contains a functional Python exploit for CVE-2026-22557, a pre-authentication path traversal vulnerability in the UniFi Network Application guest portal. The exploit leverages the `page_error` query parameter to read arbitrary files from the web application context, potentially extending to system files under specific conditions.
The repository contains a Python script that tests for CVE-2026-22557, a critical path traversal vulnerability in Ubiquiti UniFi Network Application. It sends HTTP requests with various traversal payloads to detect potential vulnerabilities but does not exploit them.
This repository provides a detection script and SIEM rules for identifying CVE-2026-22557, a path traversal vulnerability in Ubiquiti UniFi Network Application. It includes version checks, log scanning, and network exposure tests but does not contain exploit code.
Nuclei Templates (1)
http.title:"UniFi Network"
title="UniFi Network"
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H