Cyber Posture

CVE-2026-22558

High

Published: 19 March 2026

Published
19 March 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.0001 3.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22558 is a high-severity Improper Neutralization of Special Elements in Data Query Logic (CWE-943) vulnerability in Ui (inferred from references). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents NoSQL injection (CWE-943) by validating and sanitizing user inputs used in NoSQL queries, blocking malicious privilege escalation attempts.

SI-2 Flaw Remediation good match
prevent

Remediates the specific authenticated NoSQL injection flaw through timely identification, reporting, and patching as per Ubiquiti's Security Advisory Bulletin 062.

AC-6 Least Privilege partial match
prevent

Limits the scope and impact of privilege escalation from low-privilege (PR:L) accounts by enforcing least privilege principles.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Authenticated NoSQL injection directly enables privilege escalation (T1068) with scope change and high confidentiality impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

Deeper analysisAI

CVE-2026-22558 is an authenticated NoSQL injection vulnerability (CWE-943) in the UniFi Network Application. Published on 2026-03-19T15:16:23.697, it carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). The flaw enables a malicious actor with authenticated network access to escalate privileges through improper handling of NoSQL queries.

An attacker requires low privileges (PR:L) and authenticated access to the network to exploit this vulnerability remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation changes scope (S:C), yielding high confidentiality impact (C:H) via privilege escalation, potentially exposing sensitive data without integrity or availability disruption.

Ubiquiti's Security Advisory Bulletin 062 details mitigation and patching information at https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b.

Details

CWE(s)
CWE-943

Affected Products

Ui
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-32248Shared CWE-943
CVE-2025-24787Shared CWE-943
CVE-2026-41327Shared CWE-943
CVE-2026-28211Shared CWE-943
CVE-2025-36442Shared CWE-943
CVE-2026-41328Shared CWE-943
CVE-2026-29793Shared CWE-943
CVE-2026-30941Shared CWE-943
CVE-2026-40352Shared CWE-943
CVE-2026-40351Shared CWE-943

References