CVE-2026-22558

HIGH

Ubiquiti INC Unifi Network Application < 10.1.89 - SQL Injection

Title source: rule

Description

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

References (1)

Scores

CVSS v3 7.7
EPSS 0.0001
EPSS Percentile 1.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-943
Status published
Products (3)
Ubiquiti Inc/UniFi Network Application < 10.1.89
Ubiquiti Inc/UniFi Network Application < 10.2.97
Ubiquiti Inc/UniFi Network Application < 9.0.118
Published Mar 19, 2026
Tracked Since Mar 19, 2026