Attackers Control Underlying Ubiquiti Systems
A critical software vulnerability recently discovered in Ubiquiti’s UniFi Network app allows threat actors to steal user accounts. The Path Traversal requires no authentication or user interaction to execute remotely.
CVE-2026-22557 allows an attacker to retrieve or manipulate configuration files, databases, or keys from the system controller. Ultimately, bad actors obtain administrator credentials and execute malicious code, seizing full control of the Unifi server and connected devices. This results in the undermining of network security, the disruption of medical devices and IT systems, and the exposure of patient data. Furthermore, this weakness could allow manipulation of physical security devices such as door locks and cameras.
Also known as a Unifi Controller, versions 10.1.85 and earlier are impacted and should be upgraded to 10.1.89 or newer. Rated with the highest possible cvss score of 10, immediate patching is strongly advised. Until patching is complete, limit network access to the UniFi controller via a VPN or firewalls. Monitor network traffic for any unusual activities and ensure system backups are up to date in case of an incident.
| CVE | Action Required | Ratings |
| CVE-2026-22557 | Upgrade the Ubiquiti Unifi Network app or Unifi Controllers to version 10.1.89 or higher | CVSS 10 EPSS 0.05 CWE 22 |
Reference Links
Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.