Ubiquiti disclosed two vulnerabilities in its UniFi Network Application, including a critical-severity flaw (CVSS 9.8) that may allow remote attackers to take over user accounts without physical access or valid credentials. Organizations running UniFi Network Application across enterprise, campus, and SMB environments are potentially exposed until the emergency patch is applied. Unauthorized account takeover could grant attackers full administrative control over network infrastructure, enabling lateral movement, traffic interception, or persistent access. CVE assignment is pending, refer to Ubiquiti Security Advisory Bulletin 062 for the most current vulnerability details and affected version ranges.