CVE-2026-47370 - Vulnerability Details

Description

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

Published: 2026-06-12

Score: 9.9 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Ubiquiti Inc

UniFi OS Server

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

Express

unaffected

Version	Status	Constraints
`0`	affected	< 4.0.15

Ubiquiti Inc

UDM

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-SE

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-Pro-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-Beast

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

EFG

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDW

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDR7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDR-5G

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

Express 7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-Instant

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-G2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-G2-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

ENVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

ENVR-Core

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNAS-2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-Pro-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-Pro-8

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UCKP

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCK

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCK-Enterprise

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Ultra

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Fiber

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Industrial

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

No data.

Vendor Product Confidence Versions

Ubiquiti

Efg

86%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Envr

87%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Envr-core

90%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Express

100%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Ucg-fiber

90%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Ucg-industrial

92%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Ucg-max

89%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Ucg-ultra

90%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Uck

86%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Uck-enterprise

92%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Uckp

87%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udm

86%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udm-beast

90%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udm-pro

89%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udm-pro-max

91%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udm-se

88%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udr

86%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udr-5g

88%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udr7

87%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Udw

86%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Unas-2

88%

Version	Status	Scheme	Platform
`[0,5.1.16)`	affected	semver	—

Ubiquiti

Unas-4

88%

Version	Status	Scheme	Platform
`[0,5.1.16)`	affected	semver	—

Ubiquiti

Unas-pro

89%

Version	Status	Scheme	Platform
`[0,5.1.16)`	affected	semver	—

Ubiquiti

Unas-pro-4

90%

Version	Status	Scheme	Platform
`[0,5.1.16)`	affected	semver	—

Ubiquiti

Unas-pro-8

90%

Version	Status	Scheme	Platform
`[0,5.1.16)`	affected	semver	—

Ubiquiti

Unifi Os Server

100%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Unvr

87%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Unvr-g2

89%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Unvr-g2-pro

91%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Unvr-instant

91%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Ubiquiti

Unvr-pro

89%

Version	Status	Scheme	Platform
`[0,5.1.15)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00834.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

History

Fri, 12 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Server Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro
Vendors & Products		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Server Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro

Fri, 12 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 12 Jun 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
Weaknesses		CWE-20
References		https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a
Metrics		cvssV3_1 `{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Ubiquiti Efg Envr Envr-core Express Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Server Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2026-06-12T02:27:43.642Z

Updated: 2026-06-13T03:55:51.078Z

Reserved: 2026-05-19T15:00:09.320Z

Link: CVE-2026-47370

Vulnrichment

Updated: 2026-06-12T14:07:18.328Z

NVD

Status : Deferred

Published: 2026-06-12T04:17:06.657

Modified: 2026-06-12T16:10:10.070

Link: CVE-2026-47370

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:21:06Z

Weaknesses

CWE-20

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object