CVE-2024-42028
published 2024-10-28CVE-2024-42028: A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a…
PriorityP346high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EPSS
0.16%
5.9th percentile
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_network_application | 8.4.62 – 8.4.62 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv3.08.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22558 [HIGH] CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22558 :
Ubiquiti UniFi vulnerability analysis and mitigation
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
Source : NVD
## 7.7
Score
Published March 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity HIGH Has Fix Added at: Mar 20, 2026
Windows Severity HIGH Has Fix Added at: Mar 20, 2026
## Get a CVE risk assessment
Get a prioritiz
Wiz
CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22557 [HIGH] CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22557 :
Ubiquiti UniFi vulnerability analysis and mitigation
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Source : NVD
## 10
Score
Published March 19, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity CRITICAL Has Fix Added at: Mar 20, 2026
Windows Severity CRITICAL Has Fix Added
2024-10-28
Published