Cve-2026-22557 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/cve-2026-22557/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSat, 21 Mar 2026 12:00:00 +0000UniFi Network Application Vulnerabilities CVE-2026-22557 and CVE-2026-22558https://feed.craftedsignal.io/briefs/2026-03-unifi-vulns/Sat, 21 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-unifi-vulns/A combination of path traversal (CVE-2026-22557) and NoSQL injection (CVE-2026-22558) vulnerabilities in the UniFi Network Application allows attackers to access files, escalate privileges, and potentially compromise the entire system.<p>The UniFi Network Application, a central platform for managing network devices across enterprise and SMB environments, is affected by two critical vulnerabilities: CVE-2026-22557 (Path Traversal) and CVE-2026-22558 (Authenticated NoSQL Injection). These vulnerabilities impact Official Release versions 10.1.85 and earlier, Release Candidate versions 10.2.93 and earlier, and UniFi Express (UX) versions 9.0.114 and earlier. Exploitation of CVE-2026-22557 enables attackers to access and manipulate…</p> criticaladvisoryunifipath-traversalnosql-injectioncve-2026-22557cve-2026-22558