CVE-2026-22557

Name of the Vulnerable Software and Affected Versions UniFi Network Application versions prior to 10.1.89

Description A Path Traversal issue exists due to improper restriction of directory path names. This allows an unauthenticated malicious actor with network access to access files on the underlying system. These files can be manipulated to obtain authentication credentials, leading to admin account takeover, privilege escalation, and lateral movement across managed network infrastructure.

Recommendations Update to UniFi Network Application version 10.1.89 or later. Restrict the management interface to a dedicated VLAN. Audit admin accounts for unauthorized changes. Enable MFA on all UniFi admin accounts. Disable cloud access if not required.