Description
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Published: 2026-03-19
Score: 10 Critical
EPSS: 15.6% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in the UniFi Network Application allows an adversary with network access to read arbitrary files on the host and potentially manipulate files to gain access to underlying account credentials.

Affected Systems

The vulnerability affects Ubiquiti Inc's UniFi Network Application. No specific version information is supplied, so all installations should be considered at risk until vendor‑disclosed details are available.

Risk and Exploitability

The CVSS score of 10 indicates maximum severity. The EPSS score of 16% indicates a moderate likelihood of exploitation, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector involves crafting HTTP requests to the UniFi controller over the local network to traverse directories and access files outside the intended scope, which could lead to further compromise if privileged accounts are reached.

Generated by OpenCVE AI on June 23, 2026 at 16:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided patch for the UniFi Network Application.
  • If no patch is available, implement input validation to prevent traversal by restricting file path parameters to the intended directories, following CWE-22 best practices.
  • Restrict network access to the controller to trusted devices only, for example by applying firewall rules to block untrusted segments.
  • Monitor the Ubiquiti community advisory link for updates on patches or workarounds.
  • Implement network segmentation to isolate the UniFi controller from untrusted segments to reduce exposure.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Path Traversal in UniFi Network Application Allows File Disclosure and Account Manipulation

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Allowing File Disclosure and Account Manipulation in Ubiquiti UniFi Network Application

Wed, 17 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Allowing File Disclosure and Account Manipulation in Ubiquiti UniFi Network Application

Tue, 16 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Vulnerability in Ubiquiti UniFi Network Application Enabling Unauthorized File Access

Fri, 20 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Title Path Traversal Vulnerability in Ubiquiti UniFi Network Application Enabling Unauthorized File Access

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared: Ubiquiti; Ubiquiti UniFi Network Application
Vendors & Products: Ubiquiti; Ubiquiti UniFi Network Application

Thu, 19 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Ubiquiti Unifi Network Application
MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-19T15:03:43.144Z

Reserved: 2026-01-07T15:39:03.439Z

Link: CVE-2026-22557

Vulnrichment

Updated: 2026-03-19T15:03:38.628Z

NVD

Status: Deferred

Published: 2026-03-19T15:16:23.533

Modified: 2026-06-17T10:20:04.583

Link: CVE-2026-22557

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T16:45:05Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')