Ubiquiti
CVE-2026-22557
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
AnalysisAI
A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed.
Technical ContextAI
This is a path traversal vulnerability (also known as directory traversal) affecting the UniFi Network Application from Ubiquiti Inc. The affected product is identified via CPE string cpe:2.3:a:ubiquiti_inc:unifi_network_application. Path traversal vulnerabilities typically occur when applications fail to properly sanitize user-supplied input used in file path operations, allowing attackers to use sequences like '../' to navigate outside intended directories and access sensitive system files. In this case, the vulnerability is particularly severe because accessed files can be manipulated to compromise underlying system accounts, suggesting the application may process configuration files, authentication databases, or other security-critical resources without adequate access controls.
RemediationAI
Administrators should immediately consult Ubiquiti's Security Advisory Bulletin 062 available at https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b for specific patching instructions and updated versions that address this vulnerability. Given the critical nature and network-based attack vector, patching should be prioritized as an emergency maintenance activity. Until patches can be applied, organizations should implement network-level controls to restrict access to the UniFi Network Application management interface to trusted administrative networks only, using firewall rules or VPN requirements. Consider placing the application behind a reverse proxy or web application firewall configured to detect and block path traversal attempts, and monitor access logs for suspicious file access patterns or traversal sequences.
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allow
A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severi
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Ra
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the data
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.5
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulne
A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this
A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability
A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnera
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today