Description
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
Published: 2026-03-19
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: File disclosure and account manipulation
Action: Apply Patch
AI Analysis

Impact

A path traversal flaw in the UniFi Network Application allows an adversary with network access to read arbitrary files on the host and potentially manipulate files to gain access to underlying account credentials.

Affected Systems

The vulnerability affects Ubiquiti Inc's UniFi Network Application. No specific version information is supplied, so all installations should be considered at risk until vendor-disclosed details are available.

Risk and Exploitability

The CVSS score of 10 indicates maximum severity. EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector involves crafting HTTP requests to the UniFi controller over the local network to traverse directories and access files outside the intended scope, which could lead to further compromise if privileged accounts are reached.

Generated by OpenCVE AI on March 19, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑provided patch for the UniFi Network Application.
  • If no patch is available, restrict network access to the controller to trusted devices only, for example by applying firewall rules to block untrusted segments.
  • Monitor the Ubiquiti community advisory link for updates on patches or workarounds.
  • Implement network segmentation to isolate the UniFi controller from untrusted segments to reduce exposure.


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 14:30:00 +0000

Type | Values Removed | Values Added
Title | | Path Traversal Vulnerability in Ubiquiti UniFi Network Application Enabling Unauthorized File Access

Fri, 20 Mar 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Ubiquiti; Ubiquiti unifi Network Application
Vendors & Products | | Ubiquiti; Ubiquiti unifi Network Application

Thu, 19 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-22
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
References | |
Metrics | | cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-19T15:03:43.144Z

Reserved: 2026-01-07T15:39:03.439Z

Link: CVE-2026-22557

Vulnrichment

Updated: 2026-03-19T15:03:38.628Z

NVD

Status: Awaiting Analysis

Published: 2026-03-19T15:16:23.533

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-22557

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:14:51Z
