{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22558", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-07T15:39:03.440Z", "datePublished": "2026-03-19T14:24:51.794Z", "dateUpdated": "2026-03-19T15:04:36.698Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi Network Application", "versions": [{"version": "10.1.89", "status": "affected", "lessThan": "10.1.89", "versionType": "semver"}, {"version": "10.2.97", "status": "affected", "lessThan": "10.2.97", "versionType": "semver"}, {"version": "9.0.118", "status": "affected", "lessThan": "9.0.118", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 7.7, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-19T14:24:51.794Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-943", "lang": "en", "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T15:04:32.287183Z", "id": "CVE-2026-22558", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T15:04:36.698Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22558", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T15:04:32.287183Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-943", "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T15:04:19.179Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}}], "affected": [{"vendor": "Ubiquiti Inc", "product": "UniFi Network Application", "versions": [{"status": "affected", "version": "10.1.89", "lessThan": "10.1.89", "versionType": "semver"}, {"status": "affected", "version": "10.2.97", "lessThan": "10.2.97", "versionType": "semver"}, {"status": "affected", "version": "9.0.118", "lessThan": "9.0.118", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b"}], "descriptions": [{"lang": "en", "value": "An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-03-19T14:24:51.794Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22558", "state": "PUBLISHED", "dateUpdated": "2026-03-19T15:04:36.698Z", "dateReserved": "2026-01-07T15:39:03.440Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-03-19T14:24:51.794Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n NoSQL autenticada encontrada en la aplicaci\u00f3n UniFi Network podr\u00eda permitir a un actor malicioso con acceso autenticado a la red escalar privilegios."}], "id": "CVE-2026-22558", "lastModified": "2026-04-30T16:14:36.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2026-03-19T15:16:23.697", "references": [{"source": "support@hackerone.com", "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-943"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.1.89,10.1.89)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[10.2.97,10.2.97)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.0.118,9.0.118)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "UniFi Network Application", "source": "cna", "vendor": "Ubiquiti Inc"}, "product": "unifi_network_application", "vendor": "ubiquiti"}], "analysis": {"en": {"generated_at": "2026-03-19T16:22:48.612263+00:00", "value": {"mitigation_remediation": ["Check Ubiquiti\u2019s website or official release notes for a patch or update addressing the NoSQL injection flaw.", "Restrict or monitor authenticated access to the UniFi Network Application, ensuring least-privilege principles apply.", "Apply network segmentation or firewall rules to limit lateral movement from compromised accounts.", "Monitor logs for anomalous database queries or elevated privilege activity.", "Apply the vendor patch as soon as it is released to eliminate the vulnerability completely."], "summary": {"action": "Patch", "impact": "Privilege Escalation via NoSQL Injection"}, "threat_synthesis": {"affected_systems": "The flaw affects Ubiquiti Inc\u2019s UniFi Network Application. No specific version information has been supplied in the advisory, indicating that all current releases may be susceptible until a patch is released. Users should verify whether their deployed version is impacted by reviewing the vendor\u2019s support pages or release notes.", "description_and_impact": "An authenticated NoSQL Injection flaw exists in Ubiquiti\u2019s UniFi Network Application, enabling an attacker who has valid credentials to inject arbitrary database queries. The vulnerability, classified under CWE-943, allows escalation of privileges, potentially granting the attacker elevated access and control over the network\u2019s management functions. According to the vendor\u2019s description, an attacker could modify data and access sensitive information or execute further malicious actions on the affected device.", "risk_and_exploitability": "The CVSS score of 7.7 categorizes this vulnerability as high severity. While EPSS data is not available, the requirement for authenticated access limits its exploitation to insiders or compromised credentials rather than remote attackers. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed public exploits to date. Nonetheless, the potential for privilege escalation warrants immediate attention and remediation once a vendor fix becomes available."}}}}, "created": "2026-03-20T08:56:47.273830+00:00", "title": "Authenticated NoSQL Injection Allowing Privilege Escalation in UniFi Network Application", "updated": "2026-03-20T14:14:53.002857+00:00", "vendors": ["ubiquiti", "ubiquiti$PRODUCT$unifi_network_application"]}