Ubiquiti UniFi Network Application: Critical weakness allows unauthorized access
A critical vulnerability exists in Ubiquiti's UniFi Network Application, allowing attackers to gain unauthorized access to accounts.
Ubiquiti has reported two security vulnerabilities in its UniFi Network Application. One of them is considered critical with the highest rating and allows attackers from the network to gain unauthorized access to accounts. Ubiquiti is providing updates.
Ubiquiti warns of these vulnerabilities in a security advisory. A path traversal vulnerability in UniFi Network Application – formerly known as UniFi Controller – lets attackers with network access read and manipulate files on the underlying system, and through that gain access to an account on that system (CVE-2026-22557, CVSS 10, risk "critical"). The company does not provide further details. In addition, authenticated malicious actors on the network can exploit a NoSQL injection vulnerability in the UniFi Network Application to escalate their privileges (CVE-2026-22558, CVSS 7.7, risk "high").
The CVE entries are still in reserved status, so no more specific information about the vulnerabilities is available yet. Admins should nevertheless apply the updated software packages to their instances promptly to reduce the attack surface.
UniFi Network Application: Fixed software versions
Both vulnerabilities are fixed in UniFi Network Application 10.1.89 and 10.2.97, and in UniFi Express firmware 4.0.13, which updates the bundled UniFi Network Application to version 9.0.118; newer versions are also fixed. Ubiquiti provides the downloads for the updates in the linked release announcements. The company also recommends that self-hosted instances migrate to UniFi OS Server.
Most recently, Ubiquiti fixed a vulnerability in the UniFi Protect application in early January. It allowed attackers to gain unauthorized access to UniFi Protect cameras.
(dmk)