Cybersecuritynews
Critical Ubiquiti UniFi Vulnerabilities Enable Account Takeover
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Ubiquiti has disclosed two critical vulnerabilities in its UniFi Network Application, including CVE-2026-22557, a path traversal flaw that allows unauthenticated attackers to potentially take over user accounts. This vulnerability affects versions 10.1.85 and earlier of the UniFi Network Application, which is widely used for managing networking hardware. The second vulnerability, CVE-2026-22558, is a NoSQL injection flaw that allows authenticated users to escalate their privileges. Ubiquiti has released patches in versions 10.1.89 and later to address these issues. Organizations are urged to update their systems immediately to mitigate the risks. The vulnerabilities could lead to significant security breaches, given the popularity of Ubiquiti's products among both state-backed and criminal actors. Ubiquiti has a history of being targeted, highlighting the ongoing risks associated with its devices.
Key Points: • CVE-2026-22557 allows unauthenticated attackers to take over user accounts. • CVE-2026-22558 enables privilege escalation for authenticated users. • Patches are available in versions 10.1.89 and later; immediate updates are recommended.