What is the CVSS score of CVE-2026-22558?

CVE-2026-22558 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Ubiquiti are affected by CVE-2026-22558?

UniFi Network Application contains a NoSQL injection vulnerability that allows authenticated users with low-privilege access to escalate privileges and view sensitive data from higher-privileged…

Ubiquiti CVE-2026-22558

HIGH

Improper Neutralization of Special Elements in Data Query Logic (CWE-943)

2026-03-19 support@hackerone.com

Privilege Escalation Nosql Injection Ubiquiti

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 20, 2026 - 13:52 vuln.today

CVE Published

Mar 19, 2026 - 15:16 nvd

HIGH 7.7

DescriptionNVD

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

AnalysisAI

UniFi Network Application allows authenticated attackers to escalate privileges via NoSQL injection with high confidentiality impact. The vulnerability enables network-accessible attackers holding low-privilege credentials to exploit database queries and access sensitive information belonging to higher-privileged users or contexts. …

RemediationAI

Within 24 hours: Audit and restrict administrative access to UniFi Network Application; enforce strong password policies and multi-factor authentication for all user accounts. Within 7 days: Review access logs for suspicious privilege escalation attempts or database queries from low-privilege accounts; segment UniFi administrative interfaces from untrusted networks. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-34908 CRITICAL Act Now

10.0 May 22

Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur

CVE-2026-34909 CRITICAL Act Now

10.0 May 22

Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin

CVE-2026-34910 CRITICAL Act Now

10.0 May 22

Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar

CVE-2026-33000 CRITICAL Act Now

9.1 May 22

Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary ope

CVE-2026-34911 HIGH This Week

7.7 May 22

Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file

CVE-2026-22558 vulnerability details – vuln.today

Back

Ubiquiti CVE-2026-22558

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code