Description
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
Published: 2026-06-12
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Input Validation flaw (CWE‑20) in UniFi OS that allows an actor with network access and low privileges to send malformed input and gain higher privileges on the device. The CVE description does not state any further capabilities beyond privilege escalation, but an attacker who has recovered elevated rights would be able to modify device configuration or otherwise hijack the device.

Affected Systems

The flaw affects any Ubiquiti Inc product that runs UniFi OS, including the EFG, ENVR, Express, UCG‑Fiber, UCG‑Industrial, UCK, UDM, UDR, UDW, UNAS‑2, UNAS‑4, UNAS‑Pro, UNVR, UNVR‑G2, UNVR‑Instant, and the UniFi OS Server. Specific firmware versions are not enumerated in the advisory; all devices that are intended to run the vulnerable UniFi OS release should be viewed as at risk.

Risk and Exploitability

The high CVSS score of 9.9 indicates critical severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attack requires only network proximity and low privileges, the barrier to exploitation is low; any user who can reach the device on the network and has minimal privileges could exploit the flaw. This the likely vector for exploitation, as inferred from the description of network access being required.

Generated by OpenCVE AI on June 12, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware patch that addresses the privilege escalation flaw.
  • Restrict network access to UniFi OS devices using VLAN segmentation or firewall rules to limit exposure to trusted hosts.
  • Monitor device logs for anomalous input patterns and disable unused services or ports that may be leveraged by attackers.

Generated by OpenCVE AI on June 12, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os Server
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro
Vendors & Products Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os Server
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro

Fri, 12 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Improper Input Validation in UniFi OS Devices

Fri, 12 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Ubiquiti Efg Envr Envr-core Express Express 7 Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Server Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-13T03:55:49.944Z

Reserved: 2026-05-19T15:00:09.320Z

Link: CVE-2026-47369

cve-icon Vulnrichment

Updated: 2026-06-12T14:10:18.780Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T04:17:06.513

Modified: 2026-06-12T16:10:10.070

Link: CVE-2026-47369

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:21:11Z

Weaknesses
  • CWE-20

    Improper Input Validation