Ubiquiti UniFi CVE-2026-22557 (CVSS 10): Third Max-Severity Flaw in a Year — Why Network Engineers Must Patch Now

CVE-2026-22557 is a CVSS 10.0 path traversal vulnerability in Ubiquiti’s UniFi Network Application that allows unauthenticated attackers with network access to take over any account — including admin. It was patched on March 18, 2026, but here’s the alarming part: this is the third maximum-severity vulnerability in UniFi Network Application within 12 months. That’s not a bug — that’s a pattern.

Key Takeaway: Network management platforms — whether Cisco FMC, Cisco vManage, or Ubiquiti UniFi — are the #1 attack surface in 2026. Three CVSS 10.0 flaws in one product in one year means the architecture has systemic issues, and network engineers must treat every management interface as a high-value target requiring isolation, access controls, and aggressive patching. ...

March 21, 2026 · 1:43 AM MST · Enterprise Infrastructure