
Ubiquiti has disclosed a maximum severity vulnerability in its UniFi Network Application, the software for managing WiFi access points, switches, and gateways. Hackers can break in without any credentials.
Ubiquiti released emergency updates, including a UniFi Express firmware patch, that fix two vulnerabilities in the UniFi Network Application, the ecosystem’s software for managing UniFi devices, setting up WiFi networks, configuring firewalls, monitoring traffic, and more.
One of the flaws, CVE-2026-22557, has a perfect 10 out of 10 severity score, meaning that exploitation is trivial and can lead to full compromise.
“A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account,” Ubiquiti explains in the advisory.
The software versions released prior to March 18th, 2026, are all affected by the flaw. The most exposed are users with internet-facing instances.
Ubiquiti is urging network administrators to update the official and release candidate versions of the UniFi Network application to the latest version and to patch UniFi Express firmware, which bumps the UniFi Network application to a secure version.
The software is very popular among prosumers and home lab enthusiasts. It can be self-hosted on a Linux server, a Windows machine, macOS, or in a Docker container.
The second disclosed vulnerability has a severity rating of 7.7 out of 10 and is an authenticated NoSQL injection bug. It enables attackers who have gained authenticated access to the network to escalate their privileges.
To reduce the risk of delayed patching, the company recommends that users switch to UniFi OS Server for self-hosted instances, which includes the full UniFi Network application suite and other tools.
“Going forward, we recommend users upgrade to UniFi OS Server for all self-hosted deployments. It provides the full UniFi OS Platform experience, ensuring you receive the latest features, improvements, and integrations,” Ubiquiti said.
The advisory doesn’t mention whether the bugs are under active exploitation in the wild.
The affected products are as follows:
- Official Release of the UniFi Network application: version 10.1.85 and earlier.
- Release Candidate of the UniFi Network application: version 10.2.93 and earlier.
- UniFi Express (UX): UniFi Network application: version 9.0.114 and earlier.
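
For administrators with several self-hosted instances, the following added example (not from Ubiquiti or the original article) triages an inventory against the affected-version list above. The track labels, hostnames and the `major.minor.patch` version format are assumptions made for illustration.

```python
import re

# Highest affected version per product line, taken from the list above.
LAST_AFFECTED = {
    "official": (10, 1, 85),
    "release-candidate": (10, 2, 93),
    "unifi-express": (9, 0, 114),
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '10.1.85' or 'v9.0.114'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(track, version):
    """Classify one install as 'affected', 'not-listed' or 'review'."""
    ceiling = LAST_AFFECTED.get(track)
    if ceiling is None:
        return "review"  # unknown product line: check by hand
    try:
        parsed = parse_version(version)
    except ValueError:
        return "review"  # unparseable version: check by hand
    # Tuple comparison is numeric, so 10.1.9 sorts below 10.1.85
    # (a plain string comparison would get this wrong).
    return "affected" if parsed <= ceiling else "not-listed"

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = [
    ("lab-controller", "official", "10.1.85"),
    ("branch-docker", "official", "10.1.9"),
    ("beta-box", "release-candidate", "10.2.94"),
    ("home-ux", "unifi-express", "9.0.114"),
    ("legacy-vm", "official", "unknown"),
]

def report(inventory=INVENTORY):
    """Map each host to its triage status."""
    return {host: triage(track, ver) for host, track, ver in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:15} {status}")
```

A `not-listed` result only means the version is above the range named in the advisory; `review` entries need a manual check.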