Ubiquiti patches UniFi flaw that may enable takeover
Ubiquiti has released patches for two vulnerabilities in the UniFi Network application, including a maximum-severity path traversal flaw tracked as CVE-2026-22557. The path traversal affects versions up to 10.1.85 and is addressed in 10.1.89 and later; a separate authenticated NoSQL injection that could enable privilege escalation has also been fixed. Administrators should update to 10.1.89 or later and apply vendor fixes to mitigate account takeover and escalation risks.
