Users of Ubiquiti Unifi gear should be aware of CVE-2026-22557 which details a super critical vulnerability that can lead to account takeovers. This is what the CVE says:
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
The issue is a 10/10 which makes this a today problem for Ubiquiti users. The company put out this advisory last week that kind of flew under the radar until it surfaced on Reddit where it quickly became a thing as the kids say.
There’s a second critical vulnerability that has surfaced as well. From the security advisory:
“An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges,”
This one doesn’t have a score. But given that the flaw can escalate privileges, it’s bad. There’s one more vulnerability:
An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link.
This is being tracked as CVE-2026-22559 with a score of 8.8 which is bad. Not as bad as the first issue. But still bad.
All of these are fixed by updating the UniFi Network Server app on gateways and self hosted systems to Version 10.1.89 or later. If you have auto update turned on, this might have already happened for you. But you should check to ensure that it has. For bonus points, you should strongly consider turning off remote access. That way it forces threat actors to actually be on your network to take advantage of a vulnerability. That’s not to say that it would make you completely safe, but it reduces the attack surface a lot. That’s why I mentioned in my review of the Cloud Gateway Max, I would never, ever expose the administration of the device to the Internet.
In any case, it’s once again time to upgrade all the things.
Related
This entry was posted on March 23, 2026 at 12:40 pm and is filed under Commentary with tags Ubiquiti. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Ubiquiti Unifi Users Should Update Their Gear ASAP To Protect Themselves From Three Absolutely Critical Vulnerabilities
Users of Ubiquiti Unifi gear should be aware of CVE-2026-22557 which details a super critical vulnerability that can lead to account takeovers. This is what the CVE says:
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
The issue is a 10/10 which makes this a today problem for Ubiquiti users. The company put out this advisory last week that kind of flew under the radar until it surfaced on Reddit where it quickly became a thing as the kids say.
There’s a second critical vulnerability that has surfaced as well. From the security advisory:
“An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges,”
This one doesn’t have a score. But given that the flaw can escalate privileges, it’s bad. There’s one more vulnerability:
An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link.
This is being tracked as CVE-2026-22559 with a score of 8.8 which is bad. Not as bad as the first issue. But still bad.
All of these are fixed by updating the UniFi Network Server app on gateways and self hosted systems to Version 10.1.89 or later. If you have auto update turned on, this might have already happened for you. But you should check to ensure that it has. For bonus points, you should strongly consider turning off remote access. That way it forces threat actors to actually be on your network to take advantage of a vulnerability. That’s not to say that it would make you completely safe, but it reduces the attack surface a lot. That’s why I mentioned in my review of the Cloud Gateway Max, I would never, ever expose the administration of the device to the Internet.
In any case, it’s once again time to upgrade all the things.
Share this:
Like this:
Related
This entry was posted on March 23, 2026 at 12:40 pm and is filed under Commentary with tags Ubiquiti. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.