Overview
- Ubiquiti disclosed CVE-2026-22557 in the UniFi Network application and rated it CVSS 10.0; the flaw affects versions 10.1.85 and earlier and is fixed in 10.1.89 and later.
- The path traversal flaw lets an actor with network access read system files whose contents could then be used to hijack user accounts, in a low-complexity attack that requires no user interaction.
- A second issue, CVE-2026-22558, is an authenticated NoSQL injection that could allow privilege escalation, and it is addressed in the same update.
- Censys observed nearly 88,000 UniFi Network Application hosts exposed to the internet, with about one-third located in the United States, though version data is not visible.
- As of Friday morning, researchers reported no public proof-of-concept code or confirmed in-the-wild exploitation, and Ubiquiti advises users to update promptly.
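The two bug classes named above, path traversal and NoSQL injection, are both failures to validate untrusted input before it reaches the file system or the database. The following is an added example, not code from Ubiquiti or the UniFi Network application, showing the generic defensive checks a reviewer looks for: a path-containment check that resolves the requested path and refuses anything that escapes the intended root, and a query builder that refuses operator objects where a plain string is expected. The root directory, file names and user names are constructed sample values.

```python
import os
from urllib.parse import unquote


def resolve_under_root(root, user_path):
    """Return the absolute path for user_path inside root, or None if it
    would escape root. Defensive pattern for path traversal: decode once,
    strip leading separators, resolve symlinks and '..' with realpath, then
    check the result is still inside the real root."""
    root_real = os.path.realpath(root)
    # Single URL decode so encoded '%2e%2e/' is normalised like '../'.
    decoded = unquote(user_path)
    # Drop leading separators so os.path.join cannot be reset to '/'.
    relative = decoded.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    if candidate == root_real or candidate.startswith(root_real + os.sep):
        return candidate
    return None


def safe_user_filter(username):
    """Build a MongoDB-style equality filter for a user lookup.
    Defensive pattern for NoSQL injection: the value must be a plain
    string; dicts (e.g. {"$ne": ""}) and other types are rejected so an
    attacker cannot smuggle query operators through a JSON body."""
    if not isinstance(username, str):
        return None
    if username.startswith("$"):
        return None
    return {"name": username}


if __name__ == "__main__":
    root = "/srv/app/data"  # constructed sample root directory
    for requested in ["reports/2024.log", "../../etc/passwd",
                      "%2e%2e/%2e%2e/etc/shadow", "/reports/2024.log"]:
        print(requested, "->", resolve_under_root(root, requested))
    for name in ["alice", {"$ne": ""}, "$where"]:
        print(repr(name), "->", safe_user_filter(name))
```

The containment check compares the resolved path against the resolved root rather than scanning the input for `..`, so encoded, doubled or symlink-based variants are handled by the same rule; the query builder enforces a type, which is the NoSQL equivalent of a parameterised query.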