{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22557", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-07T15:39:03.439Z", "datePublished": "2026-03-19T14:24:51.910Z", "dateUpdated": "2026-03-19T15:03:43.144Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Network Application", "versions": [{"version": "10.1.89", "status": "affected", "lessThan": "10.1.89", "versionType": "semver"}, {"version": "10.2.97", "status": "affected", "lessThan": "10.2.97", "versionType": "semver"}, {"version": "9.0.118", "status": "affected", "lessThan": "9.0.118", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10, "baseSeverity": "CRITICAL"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-19T14:24:51.910Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T15:03:24.767998Z", "id": "CVE-2026-22557", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T15:03:43.144Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22557", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T15:03:24.767998Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T15:03:38.628Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UniFi Network Application", "versions": [{"status": "affected", "version": "10.1.89", "lessThan": "10.1.89", "versionType": "semver"}, {"status": "affected", "version": "10.2.97", "lessThan": "10.2.97", "versionType": "semver"}, {"status": "affected", "version": "9.0.118", "lessThan": "9.0.118", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b"}], "descriptions": [{"lang": "en", "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-19T14:24:51.910Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22557", "state": "PUBLISHED", "dateUpdated": "2026-03-19T15:03:43.144Z", "dateReserved": "2026-01-07T15:39:03.439Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-19T14:24:51.910Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account."}, {"lang": "es", "value": "Un actor malicioso con acceso a la red podr\u00eda explotar una vulnerabilidad de salto de ruta encontrada en la aplicaci\u00f3n UniFi Network para acceder a archivos en el sistema subyacente que podr\u00edan ser manipulados para acceder a una cuenta subyacente."}], "id": "CVE-2026-22557", "lastModified": "2026-04-30T16:14:36.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-03-19T15:16:23.533", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.1.89,10.1.89)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.97,10.2.97)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.118,9.0.118)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "UniFi Network Application", "source": "cna", "vendor": "Ubiquiti Inc"}, "product": "unifi_network_application", "vendor": "ubiquiti"}], "analysis": {"en": {"generated_at": "2026-03-19T16:50:50.374858+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011provided patch for the UniFi Network Application.", "If no patch is available, restrict network access to the controller to trusted devices only, for example by applying firewall rules to block untrusted segments.", "Monitor the Ubiquiti community advisory link for updates on patches or workarounds.", "Implement network segmentation to isolate the UniFi controller from untrusted segments to reduce exposure."], "summary": {"action": "Apply Patch", "impact": "File disclosure and account manipulation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Ubiquiti Inc's UniFi Network Application. No specific version information is supplied, so all installations should be considered at risk until vendor-disclosed details are available.", "description_and_impact": "A path traversal flaw in the UniFi Network Application allows an adversary with network access to read arbitrary files on the host and potentially manipulate files to gain access to underlying account credentials.", "risk_and_exploitability": "The CVSS score of 10 indicates maximum severity. EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector involves crafting HTTP requests to the UniFi controller over the local network to traverse directories and access files outside the intended scope, which could lead to further compromise if privileged accounts are reached."}}}}, "created": "2026-03-20T08:56:46.332317+00:00", "title": "Path Traversal Vulnerability in Ubiquiti UniFi Network Application Enabling Unauthorized File Access", "updated": "2026-03-20T14:14:51.736351+00:00", "vendors": ["ubiquiti", "ubiquiti$PRODUCT$unifi_network_application"]}