CVE-2026-22559 PUBLISHED

Assigner: hackerone
Reserved: 07.01.2026 Published: 24.03.2026 Updated: 24.03.2026

An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link.

Affected Products: UniFi Network Server (Version 10.1.85 and earlier)

Mitigation: Update UniFi Network Server to Version 10.1.89 or later.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Ubiquiti Inc
Product	UniFi Network Server
Versions	Default: unaffected affected from 10.1.89 to 10.1.89 (excl.)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b