UniFi Network Application path traversal flaw (CVE-2026-22557)

Vulnerability
1 unique source, 1 article

Summary

CVE-2026-22557 in the UniFi Network Application is a path traversal flaw affecting version 10.1.85 and earlier that can expose files and enable possible account takeover. Ubiquiti fixed the bug in 10.1.89 or later. The attack is described as low-complexity and requires no user interaction, raising risk for exposed deployments.

Related Happenings

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Sangoma FreePBX web shell exploitation wave (CVE-2025-64328)

Exploitation Wave
First: 27.02.2026 19:59 Last: 27.02.2026 19:59 Sources 1

About this happening: More than **900 Sangoma FreePBX** instances remain **web-shell infected** after an **ongoing exploitation wave** tied to **CVE-2025-64328**. The affected systems span the **U.S.**...

FortiGate firewalls CVE-2020-12812 active exploitation wave

Exploitation Wave
First: 29.12.2025 13:16 Last: 29.12.2025 13:16 Sources 1

About this happening: **FortiGate firewalls** with **LDAP-enabled** authentication paths are facing an **active exploitation wave** tied to **CVE-2020-12812**, a **2FA-bypass** flaw in **FortiOS**. Att...

Timeline

  1. 19.03.2026 15:00 · 2 articles

    Ubiquiti patches CVE-2026-22557 in UniFi Network Application

    Mitigation Patch Update

    Ubiquiti patched CVE-2026-22557 in the UniFi Network Application, fixing a path traversal flaw that affected version 10.1.85 and earlier and was addressed in 10.1.89 or later. The vulnerability could let an unauthenticated attacker access files on the underlying system and potentially hijack user accounts, and Ubiquiti also fixed a second authenticated NoSQL injection flaw that could enable privilege escalation.