CVE-2026-22557 Unifi — Exploit & Vulnerability Details CRITICAL

CVE-2026-22557

CRITICAL CVSS 3.1: 10.0 EPSS 0.05%

Parameter	Value
CVSS	10.0 (CRITICAL)
Type	CWE-22 (Path Traversal)
Vendor	Unifi
Public PoC	No

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

References 1

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-4…

support@hackerone.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22558

Unifi

7.7

CVE-2025-23119

Unifi

7.5

CVE-2025-23118

Unifi

6.4

CVE-2025-23117

Unifi

6.8

CVE-2025-23116

Unifi

9.6

Menu

CVE-2026-22557

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-22558

CVE-2025-23119

CVE-2025-23118

CVE-2025-23117

CVE-2025-23116

CVE Details

Editor's Choice

Menu

CVE-2026-22557

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-22558

CVE-2025-23119

CVE-2025-23118

CVE-2025-23117

CVE-2025-23116

CVE Details

Editor's Choice

Stay informed on cybersecurity