Critical UniFi Flaws Allow Full System Takeover, Patch Now

March 21, 2026 at 10:13 AM

•

1 min read

Critical UniFi Flaws Allow Full System Takeover, Patch Now — Photo: CyberSecurityNews

TL;DR Summary

Ubiquiti disclosed two critical-to-high vulnerabilities in UniFi Network Application: CVE-2026-22557, a path-traversal flaw that can allow unauthenticated attackers to seize full control of the underlying host, and CVE-2026-22558, an authenticated NoSQL injection enabling privilege escalation. Affected versions include UniFi Network App 10.1.85 and earlier, 10.2.93 and earlier, and UniFi Express Network App 9.0.114 and earlier. Patches are available: official 10.1.89+ (or RC 10.2.97+; UX 4.0.13+) bundling Network App 9.0.118+. Given the CVSS 10 rating for CVE-2026-22557, patch immediately and implement network segmentation/firewall controls for the UniFi management interface.

Topics:technology #cybersecurity #nosql-injection #path-traversal #security-update #ubiquiti-unifi #vulnerability

Share this article

Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems CyberSecurityNews
Ubiquiti UniFi Network Application: Critical weakness allows unauthorized access heise online
Max severity Ubiquiti UniFi flaw may allow account takeover BleepingComputer
Ubiquiti UniFi Network Application Vulnerabilities (CVE-2026-22557, CVE-2026-22558) BornCity
Ubiquiti patches critical vulnerabilities in UniFi Network Application SC Media

Reading Insights

Total Reads

Unique Readers

Time Saved

53 min

vs 54 min read

Condensed

99%

10,647 → 88 words

Want the full story? Read the original article

Read on CyberSecurityNews

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights