EIP-2026-100919

PRE-CVE

Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100919. PoCs published by KoreLogic.

AI-analyzed exploit summary This is a proof-of-concept exploit for a CSRF to Remote Command Execution vulnerability in Ubiquiti Administration Portal. It demonstrates how an attacker can leverage CSRF and command injection to execute arbitrary commands on affected devices.

Description

Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)

Exploits (1)

exploitdb WORKING POC

by KoreLogic · htmlwebappscgi

https://www.exploit-db.com/exploits/40044

View Code ZIP pw:eip

This is a proof-of-concept exploit for a CSRF to Remote Command Execution vulnerability in Ubiquiti Administration Portal. It demonstrates how an attacker can leverage CSRF and command injection to execute arbitrary commands on affected devices.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ubiquiti AirGateway, AirFiber, mFi (versions 1.1.6, 3.2, 2.1.11)

Auth required

Prerequisites: Authenticated session on the target device · Social engineering to trick an admin into visiting a malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026