CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-22557

CVSS 10.0v3.1pub. 2026-03-19upd. 2026-04-30

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

🤖 AI Analysis
How it works

An attacker with access to the network where UniFi Network Application operates can send crafted requests containing path traversal sequences (e.g., '../'), which allow exiting the application's permitted directory. This makes it possible to read arbitrary files from the host operating system. These files can then be used to gain access to system accounts or other resources of the protected environment.

Impact

An attacker may gain unauthorized access to sensitive system files, including configuration files or authentication data, which may lead to system account takeover and further compromise of the environment.

Mitigation & patch

Apply patches available from the manufacturer according to references — detailed information about corrected software versions is available in the Ubiquiti security bulletin at: https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

Who is affected

UniFi Network Application — versions indicated in manufacturer references (Ubiquiti Security Advisory Bulletin-062)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References