CVE-2026-47370 PUBLISHED

Assigner: hackerone
Reserved: 19.05.2026 Published: 12.06.2026 Updated: 12.06.2026

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.9

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Ubiquiti Inc
Product	UniFi OS Server
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	Express
Versions	Default: unaffected affected from 0 to 4.0.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDM
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-Pro
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-SE
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-Pro-Max
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-Beast
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	EFG
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDW
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDR
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDR7
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UDR-5G
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	Express 7
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-Pro
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-Instant
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-G2
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-G2-Pro
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	ENVR
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	ENVR-Core
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-2
Versions	Default: unaffected affected from 0 to 5.1.16 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-4
Versions	Default: unaffected affected from 0 to 5.1.16 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-Pro
Versions	Default: unaffected affected from 0 to 5.1.16 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-Pro-4
Versions	Default: unaffected affected from 0 to 5.1.16 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-Pro-8
Versions	Default: unaffected affected from 0 to 5.1.16 (excl.)

Vendor	Ubiquiti Inc
Product	UCKP
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UCK
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UCK-Enterprise
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Ultra
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Max
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Fiber
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Industrial
Versions	Default: unaffected affected from 0 to 5.1.15 (excl.)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

Problem Types

CWE-20 Improper Input Validation CWE