VYPR

Unifi Network Application

by Ubiquiti Inc

CVEs (8)

  • CVE-2026-22557CriMar 19, 2026
    risk 0.65cvss 10.0epss 0.16

    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.

  • CVE-2023-28365CriJul 1, 2023
    risk 0.59cvss 9.1epss 0.01

    A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

  • CVE-2024-42028HigOct 28, 2024
    risk 0.57cvss 8.8epss 0.00

    A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.

  • CVE-2024-42025HigSep 13, 2024
    risk 0.51cvss 7.8epss 0.01

    A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

  • CVE-2026-22558HigMar 19, 2026
    risk 0.50cvss 7.7epss 0.01

    An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

  • CVE-2023-41721MedOct 25, 2023
    risk 0.34cvss 5.3epss 0.01

    Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with…

  • CVE-2023-32000MedJul 8, 2023
    risk 0.31cvss 4.8epss 0.00

    A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.

  • CVE-2025-52665Oct 30, 2025
    risk 0.02cvss epss 0.41

    A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version…