LeakyCreds

CVE-2026-22559 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 25, 2026

UniFi Network Server - Authentication Bypass

Published: March 24, 2026 | Updated: March 25, 2026 | Remote Exploitable

Overview

UniFi Network Server <= 10.1.85 contains an improper input validation vulnerability that allows attackers to gain unauthorized account access via social engineering. Exploitation requires the victim to click a malicious link.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 6.9% (Probability of exploitation in next 30 days)

Impact

Attackers can gain unauthorized access to user accounts through social engineering.

Mitigation

Update UniFi Network Server to version 10.1.89 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 24, 2026

🟠 CVE-2026-22559 - High (8.8) An Improper Input Validation vulnerability in UniFi Network Server may allow unauthorized access to an account if the account owner is socially engineered into clicking a malicious link. Affected Products: UniFi Network Server (Version 10.1.... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22559/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-22559
Severity: High
CVSS Score: 8.8
Type: broken_authentication
Status: unconfirmed
EPSS: 6.9%
Social Posts: 1

CWE

  • CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

6.9% (Probability of exploitation in the next 30 days)