CVE-2026-22558
published 2026-03-19CVE-2026-22558: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to…
PriorityP350high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
0.55%
42.1th percentile
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_network_application | >= 10.1.89 < 10.1.89 | 10.1.89 |
| ubiquiti_inc | unifi_network_application | >= 10.2.97 < 10.2.97 | 10.2.97 |
| ubiquiti_inc | unifi_network_application | >= 9.0.118 < 9.0.118 | 9.0.118 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Ubiquiti patches three max severity UniFi OS vulnerabilities
blogs_bleepingcomputer·2026-05-22·CVSS 10.0
CVE-2026-34908 [CRITICAL] Ubiquiti patches three max severity UniFi OS vulnerabilities
## Ubiquiti patches three max severity UniFi OS vulnerabilities
## Sergiu Gatlan
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi Protect, UniFi Access, UniFi Talk, and UniFi Connect.
The first flaw ( CVE-2026-34908 ) enables attackers to make unauthorized changes to targeted systems by exploiting an Improper Access Control weakness in UniFi OS, while the second ( CVE-2026-34909 ) allows them to access files on the underlying system by abusing a Path Traversal vulner
Hackernews
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
blogs_hackernews·2026-03-23
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.
This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks showing attackers are becoming more patient and creative.
It’s a mix of old problems that never go away and new methods that are harder to detect. Th
Wiz
CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22558 [HIGH] CVE-2026-22558 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22558 :
Ubiquiti UniFi vulnerability analysis and mitigation
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
Source : NVD
## 7.7
Score
Published March 19, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity HIGH Has Fix Added at: Mar 20, 2026
Windows Severity HIGH Has Fix Added at: Mar 20, 2026
## Get a CVE risk assessment
Get a prioritiz
Wiz
CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-22557 [HIGH] CVE-2026-22557 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22557 :
Ubiquiti UniFi vulnerability analysis and mitigation
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Source : NVD
## 10
Score
Published March 19, 2026
Severity CRITICAL
CNA Score 10.0
Affected Technologies
Ubiquiti UniFi
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:ui:unifi_network_application
Sources
NVD
Linux Severity CRITICAL Has Fix Added at: Mar 20, 2026
Windows Severity CRITICAL Has Fix Added
2026-03-19
Published