CVE-2026-22557

Name of the Vulnerable Software and Affected Versions UniFi Network Application versions prior to 10.1.89

Description A Path Traversal vulnerability exists in the UniFi Network Application. A malicious actor with network access can exploit this flaw to access files on the underlying system. These files can be manipulated to gain access to underlying accounts, potentially leading to account takeover and full system control. Approximately 87,196 systems were identified as exposed. Attackers are actively exploiting this vulnerability to gain unauthenticated access and escalate privileges, enabling lateral movement across managed network infrastructure.

Recommendations Update to UniFi Network Application version 10.1.89 or later. Restrict management interface access to a dedicated VLAN. Audit admin accounts for unauthorized changes. Enable Multi-Factor Authentication (MFA) on all UniFi admin accounts. Disable cloud access if it is not needed.