cvebase

Ubiquiti Inc Unifi Network Application vulnerabilities

7 known vulnerabilities affecting ubiquiti_inc/unifi_network_application.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2023-28365 | P2 | CRITICAL | CVSS 9.1 | Exploited | ≥ 7.3.83, ≤ 7.3.83 | 2023-07-01
CWE-77: A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.
nvd
CVE-2026-22557 | P1 | CRITICAL | CVSS 10.0 | PoC | ≥ 10.1.89, < 10.1.89; ≥ 10.2.97, < 10.2.97; +1 more | 2026-03-19
CWE-22: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
nvd
CVE-2024-27981 | P2 | CRITICAL | CVSS 9.8 | ≥ 8.1.113, < 8.1.113 | 2024-04-04
CWE-77: A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earl
nvd
CVE-2026-22558 | P3 | HIGH | CVSS 7.7 | ≥ 10.1.89, < 10.1.89; ≥ 10.2.97, < 10.2.97; +1 more | 2026-03-19
CWE-943: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
nvd
CVE-2024-42028 | P3 | HIGH | CVSS 8.8 | ≥ 8.4.62, ≤ 8.4.62 | 2024-10-28
CWE-276: A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
nvd
CVE-2024-42025 | P3 | HIGH | CVSS 7.8 | ≥ 8.4.59, < 8.4.59 | 2024-09-13
CWE-77: A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
nvd
CVE-2025-24292 | P3 | MEDIUM | CVSS 6.8 | ≥ 9.2.87, < 9.2.87 | 2025-06-29
CWE-287: A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile.
nvd