Cyber Resilience

CVE-2026-22559

High

Published: 24 March 2026
Modified: 30 April 2026
KEV Added: not listed
Patch: available (version 10.1.89 or later)
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0032 (23.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-22559 is a high-severity Improper Input Validation (CWE-20) vulnerability in Ui (Ubiquiti; vendor inferred from references). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002). Its EPSS score places it at the 23.8th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22559 is an Improper Input Validation vulnerability (CWE-20) affecting UniFi Network Server versions 10.1.85 and earlier. The flaw enables unauthorized access to an account when the legitimate account owner is tricked via social engineering into clicking a malicious link. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

The vulnerability can be exploited remotely by any unauthenticated attacker (PR:N) with low attack complexity (AC:L) over the network (AV:N), but it requires user interaction (UI:R) in the form of the target clicking a malicious link. Successful exploitation grants the attacker unauthorized access to the victim's account, potentially allowing full compromise of the affected UniFi Network Server instance with high impacts across all security pillars.

Ubiquiti's security advisory recommends updating UniFi Network Server to version 10.1.89 or later to mitigate the vulnerability. Additional details are available in the official bulletin at https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b.

Vulnerability details

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link.

Affected Products: UniFi Network Server (Version 10.1.85 and earlier)

Mitigation: Update UniFi Network Server to Version 10.1.89 or later.

CWE(s)

CWE-20 Improper Input Validation
Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1566.002 Spearphishing Link (Initial Access)
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

T1204.001 Malicious Link (Execution)
An adversary may rely upon a user clicking a malicious link in order to gain execution.

Why these techniques?

The vulnerability is triggered directly by a user clicking a crafted malicious link (social engineering), enabling account compromise via improper input validation on a public-facing server.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1080 (shared CWE-20)
CVE-2026-27959 (shared CWE-20)
CVE-2025-29814 (shared CWE-20)
CVE-2026-21864 (shared CWE-20)
CVE-2026-22862 (shared CWE-20)
CVE-2025-1022 (shared CWE-20)
CVE-2025-48913 (shared CWE-20)
CVE-2026-8000 (shared CWE-20)
CVE-2025-59028 (shared CWE-20)
CVE-2025-67484 (shared CWE-20)

Affected Assets

Ui (Ubiquiti): inferred from references and description; NVD did not file a CPE for this CVE.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation · prevent

Directly addresses the improper input validation (CWE-20) flaw by requiring the system to validate inputs like malicious links before processing.

SI-2 Flaw Remediation · prevent

Ensures timely identification, reporting, and patching of flaws such as this CVE via vendor updates to version 10.1.89 or later.

prevent

Requires receiving and implementing security advisories like Ubiquiti's bulletin, enabling prompt mitigation through updates.