critical advisory March 21, 2026

UniFi Network Application Vulnerabilities CVE-2026-22557 and CVE-2026-22558

A combination of path traversal (CVE-2026-22557) and NoSQL injection (CVE-2026-22558) vulnerabilities in the UniFi Network Application allows attackers to access files, escalate privileges, and potentially compromise the entire system.

The UniFi Network Application, a central platform for managing network devices across enterprise and SMB environments, is affected by two critical vulnerabilities: CVE-2026-22557 (Path Traversal) and CVE-2026-22558 (Authenticated NoSQL Injection). These vulnerabilities impact Official Release versions 10.1.85 and earlier, Release Candidate versions 10.2.93 and earlier, and UniFi Express (UX) versions 9.0.114 and earlier. Exploitation of CVE-2026-22557 enables attackers to access and manipulate…

Detection coverage 2

Detect Path Traversal Attempts in UniFi Network Application Logs

high

Detects potential path traversal attempts by monitoring logs for suspicious file access patterns.

sigma tactics: initial_access techniques: T1190 sources: file_event, linux

Detect Potential NoSQL Injection in UniFi Network Application Logs

medium

Detects potential NoSQL injection attempts by monitoring logs for suspicious characters and keywords.

sigma tactics: privilege_escalation techniques: T1068 sources: file_event, linux

Detection queries are kept inside the platform. Get full rules →