What is the CVSS score of CVE-2026-22559?

CVE-2026-22559 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ubiquiti are affected by CVE-2026-22559?

Ubiquiti UniFi Network Server versions 10.1.85 and earlier contain a high-severity account takeover vulnerability exploitable through social engineering attacks, potentially enabling unauthorized…. A patch is available.

Ubiquiti CVE-2026-22559

EUVD-2026-14988 HIGH

Improper Input Validation (CWE-20)

2026-03-24 hackerone

GHSA-8m5g-mp2m-6hp8

Authentication Bypass Ubiquiti

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:17 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

10.1.89

EUVD ID Assigned

Mar 24, 2026 - 19:30 euvd

EUVD-2026-14988

Analysis Generated

Mar 24, 2026 - 19:30 vuln.today

CVE Published

Mar 24, 2026 - 19:05 nvd

HIGH 8.8

DescriptionNVD

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link.

Affected Products: UniFi Network Server (Version 10.1.85 and earlier)

Mitigation: Update UniFi Network Server to Version 10.1.89 or later.

AnalysisAI

Ubiquiti UniFi Network Server versions 10.1.85 and earlier are vulnerable to account takeover through improper input validation when users click malicious links in social engineering attacks. An attacker can gain unauthorized account access with high impact on confidentiality, integrity, and availability. …

RemediationAI

Within 24 hours: Inventory all Ubiquiti UniFi Network Server deployments and identify systems running version 10.1.85 or earlier. Within 7 days: Apply vendor patch to upgrade to version 10.1.89 or later across all affected instances; conduct user awareness training on social engineering and suspicious link recognition. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-34908 CRITICAL Act Now

10.0 May 22

Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur

CVE-2026-34909 CRITICAL Act Now

10.0 May 22

Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin

CVE-2026-34910 CRITICAL Act Now

10.0 May 22

Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar

CVE-2026-33000 CRITICAL Act Now

9.1 May 22

Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary ope

CVE-2026-34911 HIGH This Week

7.7 May 22

Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file

CVE-2026-22559 vulnerability details – vuln.today

Back

Ubiquiti CVE-2026-22559

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code