
Security: CVE-2026-22557 (CVSS 10.0) + CVE-2026-22558 (CVSS 7.7) — UniFi Network Application ≤10.1.85 #877

@jaydrogers

Thanks for maintaining this project!

Ubiquiti published Security Advisory Bulletin 062 today (March 18, 2026) covering two vulnerabilities in the UniFi Network Application. One of them is a CVSS 10.0 — wanted to flag it here so the default image tag gets updated.


CVE-2026-22557 — Path Traversal (CVSS 10.0 Critical)

A network-accessible attacker with no authentication required can exploit a path traversal vulnerability to read files from the underlying system, potentially gaining access to system accounts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H — no auth, no user interaction, full impact across all three pillars.

Affected versions:

  • Official: ≤ 10.1.85 → fix in 10.1.89
  • RC: ≤ 10.2.93 → fix in 10.2.97
  • UniFi Express (UX): ≤ 9.0.114 → fix via firmware 4.0.13 (bundles Network app 9.0.118)

CVE-2026-22558 — Authenticated NoSQL Injection (CVSS 7.7 High)

An authenticated user on the network can exploit a NoSQL injection vulnerability to escalate their privileges.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Same affected versions and fixes as above.


What needs updating

The image should be pinned to at minimum UniFi Network Application 10.1.89. CVE-2026-22557 being a 10.0 with no auth required means anyone running an exposed instance on an earlier version is at serious risk.

I wanted to create a discussion on this since I didn't see one when I searched the repo.
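As an added example (not part of the issue or of the project's own code), a small Python check that classifies a UniFi Network Application version string against the fixed versions quoted above, for use when auditing which image tag a deployment actually runs. The rule "anything below the fix in its release series counts as unpatched", the "unknown" result for series the advisory table does not list, and the sample tags in the demo are assumptions of this example, not statements from the advisory.

```python
"""Classify a UniFi Network Application version against the fixes for
CVE-2026-22557 / CVE-2026-22558 as listed in this issue (Bulletin 062)."""

# (major, minor) release series -> first fixed version, transcribed from the issue.
FIXED_IN = {
    (10, 1): (10, 1, 89),   # Official release train
    (10, 2): (10, 2, 97),   # Release Candidate train
    (9, 0): (9, 0, 118),    # UniFi Express app, shipped via firmware 4.0.13
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; a leading 'v' or a '-suffix' is tolerated."""
    core = text.strip().lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised UniFi version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(text: str) -> str:
    """Return 'patched', 'unpatched' or 'unknown'.

    Assumption: every version below the fix in its own series is treated as
    unpatched. 'unknown' means the series is not in the advisory table and
    has to be checked against the vendor bulletin by hand.
    """
    version = parse_version(text)
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "unpatched"


def min_official_tag() -> str:
    """Lowest tag on the official train that carries both fixes."""
    return "10.1.89"


if __name__ == "__main__":
    # Constructed sample tags: the boundary values from the issue plus one
    # tag from a series the advisory does not list.
    for tag in ["10.1.85", "10.1.89", "10.2.93", "10.2.97",
                "9.0.114", "9.0.118", "v10.1.90-ubnt", "10.0.0"]:
        print(f"{tag:>14}: {assess(tag)}")
```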
