Description
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
Published: 2026-06-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic Path Traversal flaw that allows an attacker with network access to read arbitrary files on UniFi OS devices. The flaw resides in the way file paths are handled by the management interface, permitting an attacker to request files outside the intended directory. Successful exploitation would grant the attacker access to configuration data, logs, and potentially sensitive information stored on the device, without requiring authentication. This breach represents a clear compromise of confidentiality.

Affected Systems

Affected products include a wide range of Ubiquiti devices that run UniFi OS. These encompass router and switch platforms such as UDM, UDR, UDR-5G, UDR7, UNAS, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UNVR and its variants, as well as the EFG, ENVR, ENVR-Core, Express, Express 7, UCG-Fiber, UCG-Industrial, UCG-Max, UCG-Ultra, UCK, UCK-Enterprise, UCKP, UniFi OS Server, and related hardware. The CVE does not specify affected firmware or software versions, so any device currently running UniFi OS is at risk until an updated build remedies the issue.

Risk and Exploitability

The CVSS base score of 8.6 places this flaw in the High severity category, reflecting a significant impact should exploitation succeed. The EPSS metric is unavailable, so we cannot quantify real‑world exploitation probability, but the absence from the KEV list suggests no publicly known exploits yet. However, the flaw can be triggered remotely from inside the local network, and given the accumulation of many UniFi OS devices in enterprises, the attack surface is large. Organizations should treat this as a high‑priority vulnerability that can be mitigated with a firmware update and network segmentation.

Generated by OpenCVE AI on June 12, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Ubiquiti firmware update that contains a fix for the path traversal issue to all UniFi OS devices.
  • Segregate UniFi OS devices onto a dedicated VLAN and enforce strict ACLs to limit inbound traffic to only trusted management hosts, thereby reducing the attacker’s ability to reach the vulnerable interface.
  • Disable any unused remote management features on the devices, such as SSH or web‑based configuration, to minimize the attack surface.

Generated by OpenCVE AI on June 12, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os Server
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro
Vendors & Products Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os Server
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro

Fri, 12 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Enables Unauthorized Data Access on UniFi OS Devices

Fri, 12 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}


Subscriptions

Ubiquiti Efg Envr Envr-core Express Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Server Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-12T14:30:10.779Z

Reserved: 2026-05-19T15:00:09.320Z

Link: CVE-2026-47368

cve-icon Vulnrichment

Updated: 2026-06-12T14:29:58.788Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T04:17:06.343

Modified: 2026-06-12T16:10:10.070

Link: CVE-2026-47368

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:21:14Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')