Vulnerability Management, Patch/Configuration Management, Network Security

Ubiquiti patches critical vulnerabilities in UniFi Network Application

patch presented in the form of binary code

Ubiquiti has released patches for two critical vulnerabilities affecting its UniFi Network Application, including a maximum-severity flaw that could allow attackers to take over user accounts, according to Bleeping Computer. The UniFi Network app is management software used to configure, monitor, and optimize Ubiquiti networking hardware like access points and switches.

The most severe vulnerability, tracked as CVE-2026-22557, impacts UniFi Network application versions 10.1.85 and earlier. This path traversal flaw allows unauthenticated attackers to access files on targeted devices, potentially leading to user account hijacking with low complexity.

Ubiquiti also addressed a second vulnerability, an authenticated NoSQL injection flaw, which enables authenticated attackers to escalate their privileges within the application. These vulnerabilities could be exploited by threat actors seeking to gain unauthorized access to sensitive network configurations and data.

Source: Bleeping Computer

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds