CVE-2026-22558

Summary

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Network Application10.1.89 < 10.1.89affected
Ubiquiti IncUniFi Network Application10.2.97 < 10.2.97affected
Ubiquiti IncUniFi Network Application9.0.118 < 9.0.118affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References