Cyber Posture

CVE-2026-22557

Critical

Published: 19 March 2026
Modified: 30 April 2026
KEV Added: not listed
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0003 (10.6th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22557 is a critical-severity Path Traversal (CWE-22) vulnerability in the UniFi Network Application (vendor Ui, inferred from references). Its CVSS v3.1 base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 10.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly prevents path traversal exploitation by validating and sanitizing untrusted inputs to block directory traversal sequences in the UniFi Network Application.

Flaw remediation (prevent; control identifier not shown on the page)
Mandates timely identification, reporting, and patching of flaws like this critical path traversal vulnerability per Ubiquiti's Security Advisory Bulletin 062.

AC-3 Access Enforcement (prevent)
Enforces strict access control policies to restrict unauthorized file reads and manipulations on the underlying system even if traversal inputs are processed.
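As an added illustration of the SI-10 control above (example code written for this page, not from Ubiquiti or the UniFi Network Application; the base directory and sample requests are constructed), this contrasts blocking the literal traversal sequence with decoding, canonicalizing and checking that the path stays inside the served directory:

```python
import os
import urllib.parse

# Constructed sample inputs (not taken from the advisory): one benign relative
# path followed by traversal attempts in encodings a web front end may receive.
SAMPLE_REQUESTS = [
    "logs/app.log",
    "../../etc/passwd",
    "..%2F..%2Fetc%2Fpasswd",
    "%252e%252e%252fetc%252fpasswd",
    "logs/%2e%2e/%2e%2e/etc/hosts",
    "/etc/passwd",
]


def naive_sequence_block(requested: str) -> bool:
    """Blocklist check: accept unless the literal '../' sequence is present.
    Kept only to show why blocking sequences alone is insufficient."""
    return "../" not in requested


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so a double-encoded '..' cannot slip through."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_within_base(base_dir: str, requested: str) -> bool:
    """Accept only if the decoded, canonicalized path still lies inside base_dir.
    realpath() resolves '.', '..' and symlinks, so the decision is made on where
    the path actually lands rather than on which characters it contains."""
    decoded = fully_decode(requested)
    if os.path.isabs(decoded):
        return False  # a per-directory file API never serves absolute paths
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. different drives on Windows
        return False


def compare_checks(base_dir: str = "/srv/app/data") -> dict:
    """Run both checks over SAMPLE_REQUESTS; True means the request is accepted."""
    return {r: (naive_sequence_block(r), is_within_base(base_dir, r))
            for r in SAMPLE_REQUESTS}
```

The naive check accepts four of the five traversal attempts because they never contain the literal `../`; the containment check rejects all five and still accepts the benign path.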

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Why these techniques?

Path traversal in the public-facing UniFi Network Application directly enables remote unauthenticated file read/manipulation (T1190, initial access), arbitrary local file access (T1005), and directory/file enumeration (T1083).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

Deeper analysis

CVE-2026-22557 is a Path Traversal vulnerability (CWE-22) in the UniFi Network Application. A malicious actor with access to the network can exploit this flaw to access files on the underlying system. Published on 2026-03-19 with a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), it represents a critical risk due to its network accessibility, lack of prerequisites, and potential for high confidentiality, integrity, and availability impacts.

The vulnerability enables remote attackers with network access and no required privileges or user interaction to traverse paths and read arbitrary files on the affected system. Successful exploitation allows manipulation of accessed files, potentially leading to compromise of an underlying account. The changed scope (S:C) indicates the attack can affect resources beyond the vulnerable component itself.

Ubiquiti's Security Advisory Bulletin 062, available at https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b, provides guidance on mitigation and patching for the UniFi Network Application.

Details

CWE(s)
CWE-22 Path Traversal

Affected Products
Ui (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-30914 (shared CWE-22)
CVE-2025-60946 (shared CWE-22)
CVE-2024-57549 (shared CWE-22)
CVE-2025-2264 (shared CWE-22)
CVE-2026-6024 (shared CWE-22)
CVE-2025-67160 (shared CWE-22)
CVE-2025-52452 (shared CWE-22)
CVE-2024-57669 (shared CWE-22)
CVE-2026-25869 (shared CWE-22)
CVE-2024-57451 (shared CWE-22)
