cbcvebase.
CVE-2026-22558
published 2026-03-19

CVE-2026-22558: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to…

PriorityP350high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
0.55%
42.1th percentile
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

Affected

3 ranges
VendorProductVersion rangeFixed in
ubiquiti_incunifi_network_application>= 10.1.89 < 10.1.8910.1.89
ubiquiti_incunifi_network_application>= 10.2.97 < 10.2.9710.2.97
ubiquiti_incunifi_network_application>= 9.0.118 < 9.0.1189.0.118
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.