Ethical Hacking News
A recent vulnerability discovered in Ubiquiti's UniFi Network application could potentially allow attackers to hijack user accounts, putting sensitive information at risk. The company has since patched the issue, but users are still advised to take proactive steps to protect their networks.
Ubiquiti has fixed two significant security vulnerabilities in its UniFi Network application, including a critical flaw that could allow attackers to take over user accounts. A path traversal vulnerability and an authenticated NoSQL injection vulnerability were patched by Ubiquiti. These vulnerabilities pose a risk for attackers with low privileges on the network to exploit and gain higher levels of access. Ubiquiti has stated that versions 10.1.89 or later are now secure against these vulnerabilities. IT administrators should take proactive steps to upgrade their software to ensure they remain protected against this critical flaw.
Ubiquiti has recently announced that it had fixed two significant security vulnerabilities in its UniFi Network application, including a critical flaw that could allow attackers to take over user accounts. The company's efforts to address these weaknesses come as a response to the growing number of cyber threats and data breaches that have been targeting network management software.
The UniFi Network app is widely used by IT administrators to manage and configure hardware such as Wi-Fi access points, switches, and gateways from a single dashboard. However, this software has now become a potential target for malicious actors who seek to exploit its vulnerabilities.
According to Pierluigi Paganini, security researcher at Security Affairs, the critical flaw discovered in UniFi version 10.1.85 or earlier is a path traversal vulnerability that could be used by attackers to access system files and manipulate underlying accounts. This means that an attacker with sufficient privileges on the network could potentially gain access to sensitive information or even take control of an entire user account.
In addition, Ubiquiti also patched a second issue tracked as CVE-2026-22558, which is an authenticated NoSQL injection vulnerability in the UniFi Network application. While this flaw may not be as severe as the path traversal vulnerability, it still poses a risk for attackers with low privileges on the network to exploit and gain higher levels of access.
The patching of these two vulnerabilities by Ubiquiti comes as part of its ongoing efforts to prioritize security and protect its customers from potential threats. The company has stated that versions 10.1.89 or later are now secure against these vulnerabilities, and IT administrators can take steps to upgrade their software to ensure they remain protected.
Pierluigi Paganini also highlighted the importance of users taking proactive steps to address this vulnerability. By upgrading their software to the latest version, IT administrators can minimize their exposure to potential threats and protect their networks from account hijacking attempts.
Furthermore, it is worth noting that this critical UniFi flaw highlights the ongoing importance of cybersecurity in today's digital landscape. As more companies rely on network management software, such vulnerabilities pose a significant risk to sensitive information and user accounts.
In conclusion, Ubiquiti's recent patching of its UniFi Network application has addressed two serious security vulnerabilities that could potentially allow attackers to take over user accounts. The company's efforts demonstrate the importance of cybersecurity in protecting networks from malicious actors. IT administrators should take proactive steps to upgrade their software to ensure they remain protected against this critical flaw.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-UniFi-Flaw-Exposed-The-Potential-for-Account-Hijacking-ehn.shtml
https://securityaffairs.com/189689/security/critical-ubiquiti-unifi-unifi-security-flaw-allows-potential-account-hijacking.html
https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-unifi-flaw-that-may-enable-account-takeover/
https://cybersecuritynews.com/ubiquiti-unifi-devices-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2026-22558
https://www.cvedetails.com/cve/CVE-2026-22558/
Published: Thu Mar 19 17:21:41 2026 by llama3.2 3B Q4_K_M
