Description
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
Published: 2026-05-22
Score: 10 Critical
EPSS: 78.6% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Input Validation flaw (CWE‑20) that allows a malicious actor with network access to supply crafted data to a UniFi OS device and cause it to execute arbitrary operating‑system commands with device privileges. This flaw enables the execution of commands supplied by an attacker, potentially compromising the device's integrity and confidentiality.

Affected Systems

Affected products include Ubiquiti Inc EFG, Ubiquiti Inc ENVR, Ubiquiti Inc ENVR‑Core, Ubiquiti Inc Express 7, Ubiquiti Inc UCG‑Fiber, Ubiquiti Inc UCG‑Industrial, Ubiquiti Inc UCG‑Max, Ubiquiti Inc UCG‑Ultra, Ubiquiti Inc UCK, Ubiquiti Inc UCK‑Enterprise, Ubiquiti Inc UCKP, Ubiquiti Inc UDM, Ubiquiti Inc UDM‑Beast, Ubiquiti Inc UDM‑Pro, Ubiquiti Inc UDM‑Pro‑Max, Ubiquiti Inc UDM‑SE, Ubiquiti Inc UDR, Ubiquiti Inc UDR‑5G, Ubiquiti Inc UDR7, Ubiquiti Inc UDW, Ubiquiti Inc UNAS‑2, Ubiquiti Inc UNAS‑4, Ubiquiti Inc UNAS‑Pro, Ubiquiti Inc UNAS‑Pro‑4, Ubiquiti Inc UNAS‑Pro‑8, Ubiquiti Inc UNVR, Ubiquiti Inc UNVR‑G2, Ubiquiti Inc UNVR‑G2‑Pro, Ubiquiti Inc UNVR‑Instant, Ubiquiti Inc UNVR‑Pro, and Ubiquiti Inc UniFi OS Server. No specific version information is reported.

Risk and Exploitability

The flaw has a CVSS score of 10, indicating maximum severity. The EPSS score of 79% demonstrates a high likelihood of exploitation, and the vulnerability is listed in the CISA KEV catalog. The likely attack vector is remote access via the device’s management interfaces, inferred from the requirement that the attacker must have network access to deliver crafted input. Successful exploitation would enable the attacker to run arbitrary commands on the device with the privileges granted to the system process handling the input.

Generated by OpenCVE AI on June 25, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply all available firmware updates or the official patch released by Ubiquiti for affected UniFi OS devices as soon as it is available.
  • Ensure that the device’s firmware implements stringent input validation: reject any unexpected or malformed data on the management interfaces, and employ whitelist-based filtering for parameters that can influence command execution.
  • Limit exposure of the devices’ management interfaces by implementing strict network segmentation so that only trusted IP ranges can reach them.
  • Disable or block any unused management interfaces or services that are not required for normal operation.

Generated by OpenCVE AI on June 25, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Command Injection via Improper Input Validation on UniFi OS Devices

Wed, 24 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Title Command Injection via Improper Input Validation on UniFi OS Devices

Wed, 24 Jun 2026 07:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution Exploit via Improper Input Validation on UniFi OS Devices

Wed, 24 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution Exploit via Improper Input Validation on UniFi OS Devices

Tue, 23 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Remote Command Injection via Improper Input Validation on Ubiquiti UniFi OS Devices

Tue, 23 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Title Remote Command Injection via Improper Input Validation on Ubiquiti UniFi OS Devices
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-23T00:00:00+00:00', 'dueDate': '2026-06-26T00:00:00+00:00'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Command Injection Vulnerability in UniFi OS Devices via Improper Input Validation

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Command Injection Vulnerability in UniFi OS Devices via Improper Input Validation

Wed, 17 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Title Command Injection via Improper Input Validation in UniFi OS Devices

Tue, 16 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Title Command Injection via Improper Input Validation in UniFi OS Devices

Sat, 13 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in UniFi OS Devices Enables Command Injection

Fri, 12 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in UniFi OS Devices Enables Command Injection

Wed, 10 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Title Command Injection Vulnerability in UniFi OS Devices

Fri, 22 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro
Vendors & Products Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro

Fri, 22 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Command Injection Vulnerability in UniFi OS Devices

Fri, 22 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Ubiquiti Efg Envr Envr-core Express 7 Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-24T03:55:52.177Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34910

cve-icon Vulnrichment

Updated: 2026-05-22T12:50:29.057Z

cve-icon NVD

Status : Deferred

Published: 2026-05-22T02:16:34.527

Modified: 2026-06-17T10:39:49.473

Link: CVE-2026-34910

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T14:45:02Z

Weaknesses
  • CWE-20

    Improper Input Validation