Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts.

Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways.

The Ubiquiti UniFi Network app is management software developed by Ubiquiti to control and monitor its UniFi networking devices.

It lets users configure, manage, and optimize hardware like Wi-Fi access points, switches, and gateways from a single dashboard. IT admins use it to set up networks, track performance, manage users, apply security settings, and troubleshoot issues, either locally or via the cloud.

The vendor addressed a maximum severity issue tracked as CVE-2026-22557 (CVSS score of 10.0), which affects UniFi Network application version 10.1.85 and earlier.

An attacker on the network could exploit a path traversal flaw in UniFi to access system files and potentially take over user accounts.

“A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.” reads the advisory.

Versions 10.1.89 or later addressed the vulnerability.

The second issue addressed by Ubiquiti, tracked as CVE-2026-22558 (CVSS score of 7.7), resides in the UniFi Network app, attackers with low privileges can exploit it for privilege escalation.

“An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges,” states the company.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, UniFi Network Application)