U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts. Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways. The Ubiquiti UniFi Network […]

Ubiquiti

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts.

Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways.

The Ubiquiti UniFi Network app is management software developed by Ubiquiti to control and monitor its UniFi networking devices.

It lets users configure, manage, and optimize hardware like Wi-Fi access points, switches, and gateways from a single dashboard. IT admins use it to set up networks, track performance, manage users, apply security settings, and troubleshoot issues, either locally or via the cloud.

The vendor addressed a maximum severity issue tracked as CVE-2026-22557 (CVSS score of 10.0), which affects UniFi Network application version 10.1.85 and earlier.

An attacker on the network could exploit a path traversal flaw in UniFi to access system files and potentially take over user accounts.

“A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.” reads the advisory.

Versions 10.1.89 or later addressed the vulnerability.

The second issue addressed by Ubiquiti, tracked as CVE-2026-22558 (CVSS score of 7.7), resides in the UniFi Network app, attackers with low privileges can exploit it for privilege escalation.

“An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges,” states the company.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, UniFi Network Application)