CVE-2026-47369

CRITICAL

Ubiquiti INC UniFi OS Server - Improper Input Validation

Title source: rule

Description

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

Scores

CVSS v3 9.9
EPSS 0.0030
EPSS Percentile 21.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (32)
Ubiquiti Inc/EFG < 5.1.15
Ubiquiti Inc/ENVR < 5.1.15
Ubiquiti Inc/ENVR-Core < 5.1.15
Ubiquiti Inc/Express < 4.0.15
Ubiquiti Inc/Express 7 < 5.1.15
Ubiquiti Inc/UCG-Fiber < 5.1.15
Ubiquiti Inc/UCG-Industrial < 5.1.15
Ubiquiti Inc/UCG-Max < 5.1.15
Ubiquiti Inc/UCG-Ultra < 5.1.15
Ubiquiti Inc/UCK < 5.1.15
... and 22 more
Published Jun 12, 2026
Tracked Since Jun 12, 2026