High severity7.7NVD Advisory· Published Mar 19, 2026· Updated Apr 30, 2026
CVE-2026-22558
CVE-2026-22558
Description
An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
1- Ubiquiti patches three max severity UniFi OS vulnerabilitiesBleepingComputer · May 22, 2026