Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-22558 |
| Alert Source | Ubiquiti Security Advisory Bulletin 056 |
| CVE Publication Year | 2026 |
| Date Published | 2026-03-18 |
| Vendor | Ubiquiti |
| Product | UniFi Network Application |
| CVSS Score | 7.7 (High) |
| Vulnerability Type | NoSQL Injection (CWE-943) |
| Authentication | Required |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
CVE-2026-22558 is a NoSQL injection vulnerability (CWE-943) in the UniFi Network Application. An attacker who already holds valid credentials and has network access to the application can exploit it to escalate privileges within the application; it is not an unauthenticated entry point on its own.
Ubiquiti has not disclosed the affected component or the exact scope of the privilege escalation.
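Ubiquiti has not published the affected code, so the following is an added, generic illustration of the CWE-943 weakness class rather than UniFi's implementation or the actual exploit. It models a lookup handler that copies a request-body value straight into a MongoDB-style filter: a value that should be a plain string arrives as an operator object such as `{"$ne": ""}`, and the equality test silently becomes "match everything". The tiny in-memory matcher, the `USERS` collection and the field name `name` are all constructed for the example; the hardened variants type-check the value and reject any `$`-prefixed key.

```python
"""Generic CWE-943 (NoSQL operator injection) illustration; not UniFi code.

A handler builds a MongoDB-style filter from a JSON request body. If the
value that should be a string is passed through unchanged, a client can
submit an operator object such as {"$ne": ""} and the filter stops being
an equality test.
"""
import re
from typing import Any

# Constructed sample collection standing in for an application's user table.
USERS = [
    {"name": "admin", "role": "super_admin"},
    {"name": "alice", "role": "readonly"},
    {"name": "bob", "role": "site_admin"},
]


def _match_value(doc_value: Any, cond: Any) -> bool:
    """Evaluate one field condition the way a Mongo-style matcher would.

    A bare value is an equality test; a dict is a set of operators that
    must all hold. Only the operators needed for the demo are supported.
    """
    if not isinstance(cond, dict):
        return doc_value == cond
    for op, arg in cond.items():
        if op == "$ne":
            if doc_value == arg:
                return False
        elif op == "$gt":
            if not doc_value > arg:
                return False
        elif op == "$regex":
            if not isinstance(doc_value, str) or not re.search(arg, doc_value):
                return False
        else:
            raise ValueError(f"unsupported operator {op}")
    return True


def find(collection: list[dict], flt: dict) -> list[dict]:
    """Return every document for which all filter fields match."""
    return [d for d in collection
            if all(_match_value(d.get(k), v) for k, v in flt.items())]


def vulnerable_filter(body: dict) -> dict:
    """Copies the request value verbatim, so a dict (operator object) slips through."""
    return {"name": body["name"]}


def hardened_filter(body: dict) -> dict:
    """Enforces the expected scalar type before the value reaches the query."""
    name = body.get("name")
    if not isinstance(name, str):
        raise TypeError("name must be a string")
    return {"name": name}


def reject_operators(value: Any) -> Any:
    """Generic defence for nested input: refuse any object key beginning with '$'."""
    if isinstance(value, dict):
        for k, v in value.items():
            if k.startswith("$"):
                raise ValueError(f"operator key not allowed: {k}")
            reject_operators(v)
    elif isinstance(value, list):
        for v in value:
            reject_operators(v)
    return value


if __name__ == "__main__":
    honest = {"name": "alice"}
    attack = {"name": {"$ne": ""}}   # constructed malicious body
    print(find(USERS, vulnerable_filter(honest)))  # only alice
    print(find(USERS, vulnerable_filter(attack)))  # all three users, admin included
    try:
        hardened_filter(attack)
    except TypeError as exc:
        print("hardened handler rejected the body:", exc)
```

The type check is the narrow fix; `reject_operators` is the broader one to apply to any request body that is later embedded in a filter, including nested fields. Both are generic hardening patterns, not a description of Ubiquiti's patch.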
Attack Chain with CVE-2026-22557
On its own, CVE-2026-22558 needs valid credentials. Combined with the critical CVE-2026-22557 (path traversal, CVSS 10.0), that requirement falls away and the two issues form a chain from an unauthenticated attacker to full control of the application:
- CVE-2026-22557: unauthenticated file access → account takeover, which supplies the authenticated session CVE-2026-22558 requires
- CVE-2026-22558: privilege escalation of the compromised account → full control of the UniFi Network Application
Affected Products and Versions
| Product | Vulnerable Versions | Fixed Version |
|---|---|---|
| UniFi Network Application (Official) | <= 10.1.85 | 10.1.89 |
| UniFi Network Application (RC) | <= 10.2.93 | 10.2.97 |
| UniFi Express (UX) firmware | <= 9.0.114 | 4.0.13 |
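A common mistake when applying the table above is to compare every installed build against the official fixed version only: a release-candidate 10.2.93 is numerically above 10.1.89 yet is still vulnerable, because the RC train is fixed in 10.2.97. The helper below is an added example, not an Ubiquiti tool; it encodes the two Network Application rows of the table and compares a version against the fixed build of its own train. It omits the UniFi Express firmware row, whose version scheme is not comparable with the application's. Treating any train newer than 10.2 as fixed is an assumption of the example, not a statement from the advisory.

```python
"""Check an installed UniFi Network Application version against the ranges
summarised in the advisory table for CVE-2026-22558. Added helper, not an
Ubiquiti tool.

Each release train is compared against its own fixed build:
  10.1.x (official) -> fixed in 10.1.89
  10.2.x (RC)       -> fixed in 10.2.97
"""
import sys

# Fixed builds per train, keyed by (major, minor); values from the table above.
FIXED = {
    (10, 1): (10, 1, 89),
    (10, 2): (10, 2, 97),
}


def parse_version(text: str) -> tuple[int, ...]:
    """'10.1.85' -> (10, 1, 85). A build suffix such as '10.1.85-1' is ignored."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(text: str) -> str:
    """Return 'vulnerable' or 'fixed' for a Network Application version string."""
    version = parse_version(text)
    train = version[:2]
    if train in FIXED:
        # Compare within the train, so an RC build is judged against the RC fix.
        return "fixed" if version >= FIXED[train] else "vulnerable"
    if train < (10, 1):
        # The table lists every build up to 10.1.85 as vulnerable, which
        # includes all earlier trains.
        return "vulnerable"
    # Assumption of this example: trains newer than 10.2 carry the fix.
    return "fixed"


if __name__ == "__main__":
    # Usage: python check_unifi.py 10.2.93
    for arg in sys.argv[1:] or ["10.1.85", "10.1.89", "10.2.93", "10.2.97"]:
        print(f"{arg}: {assess(arg)}")
```

On a self-hosted controller the running build is reported as `meta.server_version` by the controller's `/status` endpoint; on a UniFi console read it from the console UI instead. Feed that string to `assess` rather than eyeballing it against the official train alone.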
Required Actions
- Update the UniFi Network Application to version 10.1.89 or later (release-candidate installs: 10.2.97 or later)
- UniFi Express: update the firmware to 4.0.13
- Review UniFi administrator accounts and roles for privilege changes you did not make; successful exploitation would leave an elevated account behind, and a patch alone does not revert it
How can nFlo help?
If your organization uses products affected by this vulnerability, contact us. We can help with:
- Verifying whether your systems are at risk
- Implementing patches and risk mitigation
- Monitoring for exploitation attempts in your environment