Ubiquiti has released corrections for two important vulnerabilities in its UniFi Network management software (also known as UniFi Controller), the tool many administrators use to configure, monitor and optimize access points, switches and gateways from the UniFi family. One of the failures, listed with maximum severity, would allow an attacker to take control of user accounts without the need for interaction by the victim, which makes the update a priority for any exposed deployment.
The manufacturer describes UniFi Network as a platform that "combines powerful Internet gateways with scalable Wi-Fi and switching" and offers real-time traffic panels and visual topology maps; it also recommends as a preferred way of deployment the use of a UniFi Cloud Gateway rather than hosting it on a self-hosted server or equipment. You can see the official introduction to the Ubiquiti help center: help.ui.com - UniFi Network.
The most serious vulnerability, recorded as CVE-2026-22557, affects the versions 10.1.85 and above of the UniFi Network Application and was fixed in the versions 10.1.89 below. According to the company's own technical note, an attacker with network access could abuse a condition of path traversal to read files from the underlying system that, in turn, could be manipulated to get access to internal accounts. The alarming feature of this failure is that its exploitation is considered to be of low complexity and does not require user interaction, which makes it easier for malicious actors already on the same network to scale their impact; Ubiquiti's recommendation and patch details are available in your public notice: Ubiquiti Community - Security Advisory.
The second corrected vulnerability is a NoSQL injection that requires authentication, but is also dangerous because it allows a user with credentials or initial access to the system to raise their privileges within the application. NoSQL database injections are a known vector and their operation and mitigation are well documented by the security community; if you want to deepen technical concepts, OWASP maintains an explanatory input on NoSQL Injection, and in the case of cross-border path you can see the OWASP guide on Path Traversal.
These corrections come in a context in which Ubiquiti's network products have often appeared as attractive targets for state actors and criminal gangs. In recent years, campaigns that committed routers and other devices to build botnets or as pivot points in more complex operations have been documented, so any vulnerability in management software that facilitates accountability or the escalation of privileges deserves immediate attention by managers and security officials.
If you manage a UniFi installation, the essential and first-hand step is to update: install version 10.1.89 or higher of the UniFi Network Application as soon as possible. Beyond the patch, it is appropriate to review the deployment architecture: if your controller is directly exposed to unreliable networks, it is worth moving it to a separate management network or deploying it to a UniFi Cloud Gateway, as recommended by the manufacturer. Limiting access to the management port by firewall and VPN rules and applying multifactor authentication (MFA) in administrative accounts are measures that significantly reduce the risk of exploitation even if new vulnerabilities arise.
Nor should we forget the operational practices: the rotation of credentials, the audit and periodic review of log in search of anomalous access, the backup of the configuration and a clear inventory of installed versions help both to detect commitments and to regain control if something goes wrong. For organizations with more stringent requirements, isolate the management plan in a dedicated VLAN, create white lists of IP addresses that can access the controller and review external integrations are prudent steps.
Finally, it is appropriate to maintain a proactive position on information about threats and public warnings: to subscribe to the manufacturer's updates and security agency bulletins, and to validate patches before they are deployed in production, is the most responsible way to manage critical infrastructure. You can read the CVE record for more technical details about the main failure at: CVE-2026-22557 and review Ubiquiti's official notice here: Ubiquiti Security Communiqué. If you need practical guidance to audit or harden a Unifi deployment, the manufacturer's own documentation and specialized community resources are a good starting point.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...