Description
An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link.


Affected Products:
UniFi Network Server (Version 10.1.85 and earlier)


Mitigation:
Update UniFi Network Server to Version 10.1.89 or later.
Published: 2026-03-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Account Access
Action: Patch Now
AI Analysis

Impact

In UniFi Network Server, a missing validation on input allows a malicious link to grant access to an account. The result is unauthorized account takeover, providing attackers control over the network. This is an input validation weakness, CWE‑20.

Affected Systems

Ubiquiti’s UniFi Network Server, versions 10.1.85 and earlier, is affected. No newer releases are impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. Exploitation requires the user to click a crafted URL, which is inferred from the description. No EPSS data is available, and the vulnerability is not listed in KEV; nevertheless, the high score signals a serious risk to confidentiality and integrity for systems running the affected software.

Generated by OpenCVE AI on March 24, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update your UniFi Network Server to version 10.1.89 or later.

Generated by OpenCVE AI on March 24, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Improper Input Validation Allows Unauthenticated Access via Malicious Link in UniFi Network Server

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Network Server
Vendors & Products Ubiquiti
Ubiquiti unifi Network Server

Tue, 24 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
Description An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.85 and earlier) Mitigation: Update UniFi Network Server to Version 10.1.89 or later.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Ubiquiti Unifi Network Server
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-03-24T20:20:08.516Z

Reserved: 2026-01-07T15:39:03.440Z

Link: CVE-2026-22559

cve-icon Vulnrichment

Updated: 2026-03-24T20:19:56.297Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T20:16:26.253

Modified: 2026-03-25T15:41:58.280

Link: CVE-2026-22559

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:57:48Z

Weaknesses