wid-sec-w-2026-0784 · Published 2026-03-18 · View on BSI CERT-Bund ↗

Ubiquiti UniFi Network Application: Multiple Vulnerabilities allow Privilegieneskalation

CVSS 10.0 CRITICAL

Risk Summary

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

CVEs (2)

CVE-2026-22557 CVE-2026-22558

Affected Vendors

Ubiquiti

Affected Products (8)

Ubiquiti · UniFi Network application <10.1.89

Ubiquiti · UniFi Network application 10.1.89

Ubiquiti · UniFi Network application <10.2.97

Ubiquiti · UniFi Network application 10.2.97

Ubiquiti · UniFi Express <4.0.13

Ubiquiti · UniFi Express 4.0.13

Ubiquiti · UniFi Network application <9.0.118

Ubiquiti · UniFi Network application 9.0.118

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more