CVE-2026-47370
CRITICALUbiquiti INC UniFi OS Server - Improper Input Validation
Title source: ruleDescription
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
References (1)
Core 1
Scores
CVSS v3
9.9
EPSS
0.0083
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (32)
Ubiquiti Inc/EFG
< 5.1.15
Ubiquiti Inc/ENVR
< 5.1.15
Ubiquiti Inc/ENVR-Core
< 5.1.15
Ubiquiti Inc/Express
< 4.0.15
Ubiquiti Inc/Express 7
< 5.1.15
Ubiquiti Inc/UCG-Fiber
< 5.1.15
Ubiquiti Inc/UCG-Industrial
< 5.1.15
Ubiquiti Inc/UCG-Max
< 5.1.15
Ubiquiti Inc/UCG-Ultra
< 5.1.15
Ubiquiti Inc/UCK
< 5.1.15
... and 22 more
Published
Jun 12, 2026
Tracked Since
Jun 12, 2026