Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems
CyberSecurityNews • • technology
Key Points:
- Ubiquiti has revealed two critical-to-high severity vulnerabilities in its UniFi Network Application, including a critical Path Traversal flaw (CVE-2026-22557) that allows unauthenticated attackers to gain full system control remotely without user interaction.
- CVE-2026-22557 has a maximum CVSS score of 10.0 and enables attackers with network access to access and manipulate sensitive files, resulting in complete administrative control over the host system.
- The second vulnerability, CVE-2026-22558, is a high-severity authenticated NoSQL Injection flaw (CVSS 7.7) that allows attackers with low-level credentials to escalate privileges and compromise sensitive network configurations.
- Ubi
