Is Ubiquiti affected by EUVD-2026-14988?

A high-severity vulnerability in UniFi Network Server (CVSS 8.8) allows attackers to compromise user accounts through social engineering without requiring prior authentication.

EUVD-2026-14988

| CVE-2026-22559 HIGH

2026-03-24 hackerone

GHSA-8m5g-mp2m-6hp8

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 24, 2026 - 19:30 vuln.today

EUVD ID Assigned

Mar 24, 2026 - 19:30 euvd

EUVD-2026-14988

CVE Published

Mar 24, 2026 - 19:05 nvd

HIGH 8.8

Description

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier) Mitigation: Update UniFi Network Server to Version 10.1.89 or later.

Analysis

Ubiquiti UniFi Network Server versions 10.1.85 and earlier are vulnerable to account takeover through improper input validation when users click malicious links in social engineering attacks. An attacker can gain unauthorized account access with high impact on confidentiality, integrity, and availability. …

Remediation

Within 24 hours: Identify all systems running UniFi Network Server 10.1.85 or earlier and isolate them from critical network segments; issue security awareness alert to staff about phishing risks targeting UniFi credentials. Within 7 days: Implement network-level mitigations (WAF rules, email filtering for malicious links); enforce multi-factor authentication on all UniFi administrative accounts; monitor access logs for suspicious login patterns. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

EUVD-2026-14988 vulnerability details – vuln.today

Back

EUVD-2026-14988

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-14988

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code