Ubiquiti has issued an urgent security advisory following the discovery of two significant vulnerabilities within its UniFi Network Application ecosystem. The most severe flaw, a Path Traversal vulnerability, has been assigned a maximum CVSS score of 10.0, signaling a “Critical” risk that could allow unauthenticated attackers to completely compromise underlying systems.
These vulnerabilities impact a wide range of popular networking hardware, including the UniFi Express (UX) and standard application releases.
CVE-2026-22557: A Critical Path to System Access
The most alarming discovery is a Path Traversal bug that grants an attacker the ability to step outside of restricted folders and access sensitive files.
“A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account”.
Because this exploit requires no prior privileges or user interaction (UI:N), it represents a worst-case scenario for network administrators. Once an attacker gains access to the underlying system files, they can effectively seize control of the entire management interface.
CVE-2026-22558: Escalating Privileges via NoSQL Injection
The second vulnerability, while rated “High” with a CVSS score of 7.7, targets the application’s data layer. This NoSQL Injection vulnerability allows a user who already has basic authenticated access to bypass security logic.
“An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges”.
By injecting malicious code into database queries, an attacker can elevate their status, potentially gaining administrative rights over the entire UniFi network.
Affected Products and Urgent Mitigation
The vulnerabilities are widespread across several release branches:
- Official Release: Versions 10.1.85 and earlier.
- Release Candidate: Versions 10.2.93 and earlier.
- UniFi Express (UX): Versions 9.0.114 and earlier.
Ubiquiti has released immediate patches and strongly advises all users to update their software and firmware to the following versions to close these security gaps:
| Product Branch | Required Action |
| --- | --- |
| Official Release | Update to Version 10.1.89 or later. |
| Release Candidate | Update to Version 10.2.97 or later. |
| UniFi Express (UX) | Update firmware to 4.0.13 (includes Application 9.0.118). |
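The affected and fixed versions listed above can be checked against a controller inventory. The following Python sketch is an added example, not part of Ubiquiti's advisory or the original article; the branch labels, host names and the "unlisted" status (for versions between the last affected and first fixed release, which the advisory does not mention) are assumptions of this example.

```python
import re

# Thresholds copied from the advisory: (last affected, first fixed) per branch.
# The branch keys are labels assumed for this example.
BRANCHES = {
    "official": ((10, 1, 85), (10, 1, 89)),
    "release-candidate": ((10, 2, 93), (10, 2, 97)),
    "ux": ((9, 0, 114), (9, 0, 118)),  # application version in UX firmware 4.0.13
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch); tolerate a leading 'v' and a build suffix."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(branch, version_text):
    """Classify one controller as 'affected', 'patched' or 'unlisted'."""
    last_affected, first_fixed = BRANCHES[branch]
    version = parse_version(version_text)
    if version <= last_affected:
        return "affected"
    if version >= first_fixed:
        return "patched"
    # Between the two thresholds the advisory makes no statement.
    return "unlisted"

def audit(inventory):
    """Return (host, branch, version, status) rows, affected hosts first."""
    order = {"affected": 0, "unlisted": 1, "patched": 2}
    rows = [(h, b, v, classify(b, v)) for h, b, v in inventory]
    return sorted(rows, key=lambda row: (order[row[3]], row[0]))

# Constructed sample inventory; host names and versions are illustrative.
SAMPLE_INVENTORY = [
    ("ctrl-hq", "official", "10.1.85"),
    ("ctrl-lab", "release-candidate", "10.2.97"),
    ("ux-branch1", "ux", "9.0.114"),
    ("ctrl-dr", "official", "v10.1.89-build7"),
    ("ctrl-old", "official", "9.5.21"),
    ("ctrl-edge", "official", "10.1.87"),
]

if __name__ == "__main__":
    for host, branch, version, status in audit(SAMPLE_INVENTORY):
        print(f"{status:9} {host:12} {branch:18} {version}")
```

The release branch must be recorded per controller, because a Release Candidate build such as 10.2.93 is numerically higher than the fixed Official Release and would otherwise be misread as patched.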