Ubiquiti UniFi Network Application Hit by Critical CVSS 10.0 Path Traversal Flaw (CVE-2026-22557)

A critical, maximum-severity vulnerability in Ubiquiti's UniFi Network Application allows unauthenticated attackers to read any file on the underlying system. The flaw, tracked as CVE-2026-22557 and rated a perfect CVSS 10.0, was disclosed alongside a second, high-severity NoSQL injection bug (CVE-2026-22558, CVSS 7.7). The path traversal vulnerability requires no authentication or user interaction, enabling a network-accessible attacker to potentially compromise system accounts and gain full control over the confidentiality, integrity, and availability of the system.

The vulnerabilities affect multiple product lines and versions. The critical path traversal flaw impacts the official UniFi Network Application version 10.1.85 and earlier, with a fix available in version 10.1.89. It also affects Release Candidate versions up to 10.2.93 (fixed in 10.2.97) and the UniFi Express (UX) device with firmware up to 9.0.114, which is patched via firmware update 4.0.13. Ubiquiti published the details in Security Advisory Bulletin 062 on March 18, 2026.

This disclosure places immediate pressure on network administrators and organizations globally using UniFi management software for their network infrastructure. The presence of a CVSS 10.0 flaw in a widely deployed network management platform signals a severe security failure, prompting urgent scrutiny of patch deployment processes. The risk is compounded by the second, authenticated NoSQL injection vulnerability, which could allow for further data manipulation. Failure to apply the provided updates exposes networks to significant compromise, data theft, and potential lateral movement within organizational environments.