Researchers and threat hunters are scrambling to contain a maximum-severity defect in Ubiquiti’s UniFi Network Application that attackers could exploit to take over user accounts by accessing and manipulating files.
The path-traversal vulnerability — CVE-2026-22557 — affects software used to manage UniFi networking devices, including access points, gateways and switches. The vendor disclosed and released patches for the defect in a security advisory Wednesday.
“As of this morning, we have not observed any public proof-of-concept exploits or confirmed reports of exploitation in the wild,” Matthew Guidry, senior product detection engineer at Censys, told CyberScoop.
“However, because this is a path-traversal vulnerability, the technical complexity for an attacker is typically lower than memory-corruption or buffer-overflow bugs,” he added. “Given that the CVSS 10 rating implies low attack complexity, we anticipate that once the specific vulnerable endpoint is identified, exploitation will be trivial to automate.”
Censys sensors observed nearly 88,000 UniFi Network Application hosts publicly exposed to the internet as of Friday morning. The software doesn’t expose what version it’s running, so scans cannot distinguish between vulnerable and patched instances.
Roughly one-third of the exposed instances of UniFi Network Application are located in the United States.
As a defender, when you see a CVSS 10 for a product you immediately recognize and know is everywhere, you probably get a bit anxious,” Guidry said. “You also know it’s remotely exploitable, requires no authentication, and needs no user interaction, because it wouldn’t be a 10 if it wasn’t. Ubiquiti is a name you hear frequently, and many of those devices are sitting directly on the internet.”
Ubiquiti advises UniFi Network Application users to update to the latest software versions, which also addressed a second vulnerability — CVE-2026-22558 — that attackers could exploit to escalate privileges.
