CVE-2026-22557
published 2026-03-19CVE-2026-22557: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the…
PriorityP184critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EXPLOIT
EPSS
15.60%
96.4th percentile
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_network_application | >= 10.1.89 < 10.1.89 | 10.1.89 |
| ubiquiti_inc | unifi_network_application | >= 10.2.97 < 10.2.97 | 10.2.97 |
| ubiquiti_inc | unifi_network_application | >= 9.0.118 < 9.0.118 | 9.0.118 |
Detection & IOCsextracted from sources · hover to see the quote
urlGET /guest/s/default/login?page_error=..%2F..%2Fweb.xml HTTP/1.1
path/guest/s/default/login?page_error=..%2F..%2Fweb.xml
urlhttps://github.com/ThePotatoOfDoom/CVE-2026-22557-PoC
yara
contains_all(body, "","<web-app") AND contains(content_type, "application/xml") AND status_code == 200
- →Path traversal payload targets the 'page_error' parameter in the UniFi guest portal login endpoint, using URL-encoded '../' sequences to reach web.xml on the underlying system.
- →Exploit requires no authentication (PR:N, UI:N) and is network-reachable; look for unauthenticated GET requests to /guest/s/default/login with 'page_error' parameter containing path traversal sequences. ↗
- →Successful exploitation response contains '<web-app' in the body with content-type 'application/xml' and HTTP 200 status — use these as detection response indicators.
- →Referer header in exploit request is crafted with MAC address and SSID parameters; monitor for suspicious Referer values on UniFi guest portal endpoints.
- →Censys is tracking nearly 87,000 Internet-exposed UniFi Network endpoints; prioritize patching internet-facing instances. ↗
- ·Vulnerability affects UniFi Network Application version 10.1.85 and earlier; fixed in version 10.1.89 or later. ↗
- ·The Nuclei template is verified and requires only 1 HTTP request (max-request: 1), making it very low-noise for scanning.
- ·A public proof-of-concept exploit exists on GitHub, increasing the likelihood of active exploitation.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
UniFi Network Application - Path Traversal
nuclei·CVSS 10.0
CVE-2026-22557 [CRITICAL] UniFi Network Application - Path Traversal
UniFi Network Application - Path Traversal
UniFi Network Application contains a path traversal vulnerability allowing a network attacker to access and manipulate files on the underlying system, potentially leading to account access, exploit requires network access.
Template:
id: CVE-2026-22557
info:
name: UniFi Network Application - Path Traversal
author: Aryu-RU
severity: critical
description: |
UniFi Network Application contains a path traversal vulnerability allowing a network attacker to access and manipulate files on the underlying system, potentially leading to account access, exploit requires network access.
impact: |
Network attackers can access and manipulate system files, potentially compromising user accounts and system integrity.
remediation: |
Update to the latest version
Bleepingcomputer
Ubiquiti patches three max severity UniFi OS vulnerabilities
blogs_bleepingcomputer·2026-05-22·CVSS 10.0
CVE-2026-34908 [CRITICAL] Ubiquiti patches three max severity UniFi OS vulnerabilities
## Ubiquiti patches three max severity UniFi OS vulnerabilities
## Sergiu Gatlan
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi Protect, UniFi Access, UniFi Talk, and UniFi Connect.
The first flaw ( CVE-2026-34908 ) enables attackers to make unauthorized changes to targeted systems by exploiting an Improper Access Control weakness in UniFi OS, while the second ( CVE-2026-34909 ) allows them to access files on the underlying system by abusing a Path Traversal vulner
Hackernews
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
blogs_hackernews·2026-03-23
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.
This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks showing attackers are becoming more patient and creative.
It’s a mix of old problems that never go away and new methods that are harder to detect. Th
Checkpoint
23rd March – Threat Intelligence Report
blogs_checkpoint·2026-03-23
CVE-2026-33017 23rd March – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 23rd March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 23rd March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Navia Benefit Solutions, a United States-based employee benefits administrator, has disclosed a breach affecting more than 2.6 million individuals after unauthorized access and potential data exfiltration occurred between December 22, 2025 and January 15, 2026. Exposed information may include personal, health, and benefits dat
Bleepingcomputer
Max severity Ubiquiti UniFi flaw may allow account takeover
blogs_bleepingcomputer·2026-03-19·CVSS 10.0
[CRITICAL] Max severity Ubiquiti UniFi flaw may allow account takeover
## Max severity Ubiquiti UniFi flaw may allow account takeover
## Sergiu Gatlan
Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts.
The UniFi Network app (also known as the UniFi Controller) is management software that helps configure, monitor, and optimize Ubiquiti UniFi networking hardware, such as access points, switches, and gateways.
"Combines powerful internet gateways with scalable WiFi and switching. Provides real-time traffic dashboards, visual topology maps, and optimization tips," the networking device manufacturer says . "The preferred way to deploy UniFi Network is on a UniFi Cloud Gateway, rather than on a server, laptop, or other self-hosted environment."
Tracke
Wiz
CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22558 [HIGH] CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22558 :
Ubiquiti UniFi vulnerability analysis and mitigation
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
Source : NVD
## 7.7
Score
Published March 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity HIGH Has Fix Added at: Mar 20, 2026
Windows Severity HIGH Has Fix Added at: Mar 20, 2026
## Get a CVE risk assessment
Get a prioritiz
Wiz
CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22557 [HIGH] CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22557 :
Ubiquiti UniFi vulnerability analysis and mitigation
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Source : NVD
## 10
Score
Published March 19, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity CRITICAL Has Fix Added at: Mar 20, 2026
Windows Severity CRITICAL Has Fix Added
2026-03-19
Published