Threat Insight
Multiple Vulnerabilities, One Critical, in Ubiquiti UniFi Network Application
Ubiquiti has released security patches for two vulnerabilities affecting the UniFi Network Application (also known as the UniFi Controller).
One of the vulnerabilities, CVE-2026-22557, is a maximum-severity issue: an unauthenticated attacker with network access may exploit a path traversal vulnerability to access files on the targeted system, potentially enabling account takeover in low-complexity attacks that require no user interaction.
The second vulnerability, CVE-2026-22558, enables privilege escalation through an authenticated NoSQL injection condition[1].
Ubiquiti notes that in recent years its products have been targeted by both state-sponsored threat actors and cybercriminal groups who have hijacked devices for botnet-building and operational obfuscation. As an example, the FBI dismantled a botnet of compromised Ubiquiti Edge OS routers in February 2024 that had been used by Russia's GRU to proxy malicious traffic in attacks against the United States and allied nations[1].
CVE
CVE-2026-22557
CVE-2026-22558
Affected Products
Official Release: UniFi Network application (Version 10.1.85 and earlier)
Release Candidate: UniFi Network application (Version 10.2.93 and earlier)
UniFi Express (UX): UniFi Network application (Version 9.0.114 and earlier)
Recommended Actions
Truesec recommends following the vendor instructions[1]:
Official Release: Update UniFi Network application to Version 10.1.89 or later.
Release Candidate: Update UniFi Network application to Version 10.2.97 or later.
UniFi Express (UX): Update UniFi Express firmware to 4.0.13 or later, which updates the UniFi Network application to Version 9.0.118 or later.
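A version check against the affected and fixed versions listed above, added here as an example (it is not code from Truesec or Ubiquiti); the channel keys, function names and the sample inventory are my own and the version bounds are those stated in this advisory.

```python
"""Classify UniFi Network application installations against the advisory's
affected / fixed versions. Versions between the last affected and the first
fixed build are reported as 'unknown' rather than assumed safe."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Per release channel: (last affected version, first fixed version), as stated
# in the advisory for CVE-2026-22557 / CVE-2026-22558. Channel keys are mine.
ADVISORY: Dict[str, Tuple[str, str]] = {
    "official": ("10.1.85", "10.1.89"),
    "rc": ("10.2.93", "10.2.97"),
    "ux": ("9.0.114", "9.0.118"),
}


def parse_version(text: str) -> Version:
    """Turn '10.1.85' into (10, 1, 85). Non-numeric input is rejected so a
    malformed inventory field cannot silently compare as 'patched'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(channel: str, version: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one installation.
    'unknown' covers builds the advisory does not mention (between the last
    affected and the first fixed version); verify those manually."""
    if channel not in ADVISORY:
        raise ValueError(f"unknown release channel: {channel!r}")
    last_bad, first_good = (parse_version(v) for v in ADVISORY[channel])
    v = parse_version(version)
    if v <= last_bad:          # "Version X and earlier"
        return "vulnerable"
    if v >= first_good:        # "Version Y or later"
        return "patched"
    return "unknown"


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Group (host, channel, version) records by assessment result."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "unknown": [], "patched": []}
    for host, channel, version in inventory:
        groups[assess(channel, version)].append(host)
    return groups


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("ctrl-hq", "official", "10.1.85"),
    ("ctrl-lab", "rc", "10.2.97"),
    ("ux-branch", "ux", "9.0.116"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```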
References