CP
cyberpings
VulnerabilitiesHIGH

Ubiquiti UniFi Vulnerability - Account Takeover Risk Alert

BCBleepingComputer·Reporting by Sergiu Gatlan
📰 4 sources·Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana
Updated:
🎯

Basically, a flaw in Ubiquiti's software can let hackers take over accounts easily.

Quick Summary

Ubiquiti has patched a critical vulnerability in the UniFi Network Application that could allow account takeovers. Users of versions 10.1.85 and earlier are at risk. Immediate updates are necessary to secure your network from exploitation.

The Flaw

Ubiquiti has recently addressed a maximum-severity vulnerability in its UniFi Network Application, tracked as CVE-2026-22557. This flaw allows attackers to exploit a path traversal vulnerability, enabling unauthorized access to sensitive files on the system. The affected versions are 10.1.85 and earlier, and users are urged to upgrade to 10.1.89 or later to mitigate this risk. The vulnerability is particularly concerning because it requires low complexity for exploitation, meaning attackers can perform the attack without needing user interaction.

In addition to this critical flaw, Ubiquiti also patched a second vulnerability that allows for privilege escalation. This flaw, identified as an Authenticated NoSQL Injection, can be exploited by users who already have some level of access, allowing them to gain higher privileges within the application.

What's at Risk

The implications of this vulnerability are significant. If exploited, attackers could potentially take control of user accounts, leading to unauthorized actions within the network. This could result in data breaches, unauthorized access to sensitive information, and even manipulation of network settings. Given Ubiquiti's role in managing various networking hardware, the risk extends beyond individual users to entire organizations relying on these systems for their operations.

Moreover, Ubiquiti products have been in the crosshairs of both state-sponsored hackers and cybercriminals in the past. The potential for these vulnerabilities to be exploited in broader attacks is a serious concern, especially in light of previous incidents where Ubiquiti devices were used to build botnets.

Patch Status

Ubiquiti has released patches to address these vulnerabilities, and it is crucial for users to update their systems promptly. The company recommends upgrading to version 10.1.89 or later to ensure that these vulnerabilities are effectively mitigated. Users should also review their network configurations and access controls to limit potential exploitation paths.

Failure to act could leave systems vulnerable to attacks that could compromise not just individual accounts but potentially the entire network infrastructure.

Immediate Actions

To protect your network from these vulnerabilities, follow these steps:

  • Update your UniFi Network Application to version 10.1.89 or later immediately.
  • Review user access levels and ensure that only necessary permissions are granted.
  • Monitor network activity for any unusual behavior that could indicate exploitation attempts.
  • Educate users about the risks associated with unauthorized access and the importance of maintaining strong security practices.

By taking these proactive measures, you can significantly reduce the risk posed by these vulnerabilities and safeguard your network against potential attacks.

🔒 Pro insight: The ease of exploitation for CVE-2026-22557 raises concerns about widespread attacks on unpatched devices in the wild.

Original article from

BCBleepingComputer· Sergiu Gatlan
Read Full Article

Also covered by

CYCyberScoop

Ubiquiti defect poses account takeover risk for UniFi Networking Application users

Read Article
SESecurity Affairs

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

Read Article
SCSC Media

Ubiquiti patches critical vulnerabilities in UniFi Network Application

Read Article
CYCyber Security News

Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems

Read Article

Share

Related Pings

CRITICALVulnerabilities

Fortinet FortiClient EMS - Critical 0-Day Vulnerability Exploited

A critical zero-day vulnerability in FortiClient EMS is actively exploited. Fortinet has released emergency patches and urges immediate action from users.

Cyber Security News·
HIGHVulnerabilities

Video Conferencing Bug - CISA Orders Agencies to Patch

A serious vulnerability in TrueConf video conferencing software is being exploited by Chinese hackers. CISA has mandated a two-week patch deadline for federal agencies. Immediate action is essential to safeguard sensitive data and communications.

The Record·
HIGHVulnerabilities

Post-Deployment Vulnerability Detection - Rethinking Strategies

A new approach to vulnerability detection is needed post-deployment. Many organizations overlook risks from newly disclosed CVEs, leaving systems exposed. Rethinking strategies can enhance security.

OpenSSF Blog·
HIGHVulnerabilities

Mobile Vulnerabilities - Enterprises Struggle with Control

Mobile devices are increasingly vulnerable due to outdated software and hidden threats like Shadow AI. This puts sensitive enterprise data at risk. Organizations must act to secure their mobile environments.

SecurityWeek·
HIGHVulnerabilities

CVE-2026-33691 - OWASP CRS Whitespace Padding Bypass Alert

A new vulnerability in OWASP CRS allows attackers to upload dangerous files by exploiting whitespace in filenames. This affects many web applications, risking severe security breaches. Immediate updates are necessary to protect your systems.

Full Disclosure·
HIGHVulnerabilities

MetInfo CMS Vulnerability - PHP Code Injection Risk

A critical vulnerability in MetInfo CMS could let attackers execute arbitrary PHP code. Versions 7.9, 8.0, and 8.1 are at risk. Stay alert for updates and potential fixes.

Full Disclosure·