Skip to main content

Ubiquiti CVE-2026-22557

CRITICAL
Path Traversal (CWE-22)
2026-03-19 hackerone
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 19, 2026 - 14:45 vuln.today
CVE Published
Mar 19, 2026 - 14:24 nvd
CRITICAL 10.0

DescriptionCVE.org

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

AnalysisAI

A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed.

Technical ContextAI

This is a path traversal vulnerability (also known as directory traversal) affecting the UniFi Network Application from Ubiquiti Inc. The affected product is identified via CPE string cpe:2.3:a:ubiquiti_inc:unifi_network_application. Path traversal vulnerabilities typically occur when applications fail to properly sanitize user-supplied input used in file path operations, allowing attackers to use sequences like '../' to navigate outside intended directories and access sensitive system files. In this case, the vulnerability is particularly severe because accessed files can be manipulated to compromise underlying system accounts, suggesting the application may process configuration files, authentication databases, or other security-critical resources without adequate access controls.

RemediationAI

Administrators should immediately consult Ubiquiti's Security Advisory Bulletin 062 available at https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b for specific patching instructions and updated versions that address this vulnerability. Given the critical nature and network-based attack vector, patching should be prioritized as an emergency maintenance activity. Until patches can be applied, organizations should implement network-level controls to restrict access to the UniFi Network Application management interface to trusted administrative networks only, using firewall rules or VPN requirements. Consider placing the application behind a reverse proxy or web application firewall configured to detect and block path traversal attempts, and monitor access logs for suspicious file access patterns or traversal sequences.

CVE-2026-34910 CRITICAL POC
10.0 May 22

Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar

CVE-2026-34909 CRITICAL POC
10.0 May 22

Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin

CVE-2026-34908 CRITICAL POC
10.0 May 22

Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur

CVE-2013-1606 HIGH POC
7.5 Jul 18

Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allow

CVE-2023-1458 CRITICAL POC
9.8 Mar 25

A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severi

CVE-2023-24104 CRITICAL POC
9.8 Feb 23

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Ra

CVE-2016-7792 HIGH POC
8.8 Jan 23

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the data

CVE-2023-23912 HIGH POC
8.8 Feb 09

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.5

CVE-2023-2375 HIGH POC
7.3 Apr 28

A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulne

CVE-2023-2374 HIGH POC
7.3 Apr 28

A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this

CVE-2023-2378 HIGH POC
7.3 Apr 28

A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability

CVE-2023-2377 HIGH POC
7.3 Apr 28

A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnera

Share

CVE-2026-22557 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy