Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Multiple Vulnerabilities in Ubiquiti UniFi Network Application

23 March 2026

Ubiquiti has released software updates addressing multiple vulnerabilities in Ubiquiti UniFi Network Application. Users and administrators of affected products are advised to update to the latest version immediately.

Background

Ubiquiti has released software updates addressing multiple vulnerabilities (CVE-2026-22557 and CVE-2026-22558) in Ubiquiti UniFi Network Application.

Impact

Successful exploitation of the vulnerabilities could lead to the following:

  • CVE-2026-22557: Successful exploitation of the Path Traversal vulnerability could allow an attacker to access files in the system, leading to potential account compromise. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10.0 out of 10.

  • CVE-2026-22558: Successful exploitation of the Authenticated NoSQL Injection vulnerability could allow an authenticated attacker to perform privilege escalation.

Affected Products

The vulnerabilities affect UniFi Network Application versions 10.1.85 and earlier.

Recommendation 

Users and administrators of affected product versions are advised to update to the latest version immediately. 

References

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

https://nvd.nist.gov/vuln/detail/CVE-2026-22557

https://nvd.nist.gov/vuln/detail/CVE-2026-22558

https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-unifi-flaw-that-may-enable-account-takeover/

Back to top