CVE-2026-33000

CRITICAL

Ubiquiti INC UniFi OS Server < 5.0.8 - Improper Input Validation

Title source: rule

Description

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

References (1)

Core 1

Core References

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

Scores

CVSS v3 9.1

EPSS 0.0111

EPSS Percentile 61.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (1)

Ubiquiti Inc/UniFi OS Server < 5.0.8

Published May 22, 2026

Tracked Since May 22, 2026