Ubiquiti Patches Critical Account Takeover Flaw in UniFi Network Application
Take action: If you run the UniFi Network Application, whether self-hosted or bundled on a UniFi Express, update it ASAP; on UniFi Express this means applying the new device firmware. As usual, also confirm that the controller's management interfaces are not exposed to the public internet and are reachable only from trusted networks. That restriction shrinks the attack surface immediately, even before the update is rolled out.
Ubiquiti released security updates for the UniFi Network Application to address two vulnerabilities, including a maximum-severity path traversal flaw. This software is a central management hub for configuring and monitoring UniFi networking hardware, such as access points, switches, and gateways.
Vulnerabilities summary:
- CVE-2026-22557 (CVSS score 10.0) - A path traversal vulnerability that allows an attacker with network access to the application to reach sensitive files on the underlying system. By exploiting this flaw, a malicious actor can read or manipulate system files to gain unauthorized access to administrative accounts. A 10.0 score means the flaw is exploitable remotely without prior credentials, so this attack defeats standard authentication controls and results in full account takeover of the controller.
- CVE-2026-22558 (CVSS score 7.7) - An authenticated NoSQL injection vulnerability (the UniFi Network Application stores its data in MongoDB) that enables privilege escalation within the application. An attacker holding low-privileged credentials can inject crafted queries into the database layer to bypass permission checks, gain administrative rights, and expand control over the managed network environment.
Successful exploitation could allow attackers to manipulate traffic, disrupt service availability, or use hijacked accounts to establish long-term persistence within a corporate network.
Ubiquiti hardware has been a target for state-sponsored groups before; in early 2024 the FBI disrupted a botnet of Ubiquiti EdgeRouters that the Russian GRU had been using to proxy malicious traffic. A controller that centrally manages access points, switches, and gateways is an even more attractive foothold than a single router.
Affected software includes Official Release versions 10.1.85 and earlier and Release Candidate versions 10.2.93 and earlier. UniFi Express (UX) devices, which ship the Network application as part of their firmware, are affected when running Network application version 9.0.114 and earlier.
Ubiquiti recommends that administrators update ASAP. Official Release users should move to version 10.1.89 or later, and those on the Release Candidate channel need version 10.2.97 or later. UniFi Express users should apply firmware version 4.0.13 or later, which updates the bundled UniFi Network application to version 9.0.118 or later.
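For anyone checking more than one controller, the version boundaries above are easy to get wrong by hand (the RC channel carries a higher version number than the patched release, and the UX build numbers live in a different series altogether). The script below is an added example, not Ubiquiti code: it encodes the affected and fixed versions from this advisory per channel, flags the gap between "last affected" and "first fixed" as unknown rather than safe, and evaluates a controller's status JSON. The `/status` endpoint shape (`meta.server_version`) is an assumption based on the self-hosted controller's unauthenticated status page; verify it against your own install, and the sample JSON is constructed.

```python
"""Check UniFi Network Application versions against the ranges published for
CVE-2026-22557 / CVE-2026-22558.

Added example, not Ubiquiti code. Version boundaries come from the advisory;
the /status JSON shape is an assumption (verify on your controller).
"""
import json

# Per channel: (last affected build, first fixed build), from the advisory.
AFFECTED_RANGES = {
    "release": ((10, 1, 85), (10, 1, 89)),
    "rc": ((10, 2, 93), (10, 2, 97)),
    "ux": ((9, 0, 114), (9, 0, 118)),  # Network app bundled in UX firmware
}


def parse_version(text):
    """'10.1.85' -> (10, 1, 85); rejects anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version, channel):
    """Return 'affected', 'fixed' or 'unknown' for a version on a channel.

    'unknown' covers builds above the last affected version but below the
    first fixed one (e.g. 10.1.86-10.1.88 on the release channel). The
    advisory does not clear those, so treat them as affected.
    """
    if channel not in AFFECTED_RANGES:
        raise ValueError(f"unknown channel: {channel!r}")
    last_bad, first_good = AFFECTED_RANGES[channel]
    v = parse_version(version)
    if v <= last_bad:
        return "affected"
    if v >= first_good:
        return "fixed"
    return "unknown"


def assess_status_json(raw, channel):
    """Evaluate the JSON body returned by a controller's /status endpoint.

    Assumption: the self-hosted controller answers GET /status with
    {"meta": {"server_version": "x.y.z", ...}}. Returns (version, verdict).
    """
    doc = json.loads(raw)
    version = doc["meta"]["server_version"]
    return version, assess(version, channel)


# Constructed sample response, not a real capture.
SAMPLE_STATUS = '{"meta":{"rc":"ok","server_version":"10.1.85","up":true}}'

if __name__ == "__main__":
    ver, verdict = assess_status_json(SAMPLE_STATUS, "release")
    print(f"controller {ver} ({'release'}): {verdict}")
    for candidate, channel in [("10.2.93", "rc"), ("10.2.97", "rc"),
                               ("9.0.114", "ux"), ("9.0.118", "ux")]:
        print(f"{candidate} ({channel}): {assess(candidate, channel)}")
```

The channel has to be supplied by the caller because a bare version string does not say which release train it came from; pulling `/status` from the controller itself only helps when that endpoint is reachable from your management network, which is exactly where it should be restricted to.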