Description
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
Published: 2026-06-12
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker who can reach the network and possesses low‑privilege credentials may send specially crafted input to a UniFi OS device, leading the system to execute arbitrary shell commands on the device. The vulnerability is an instance of Improper Input Validation (CWE‑20) and can compromise the confidentiality, integrity, and availability of the affected device, potentially allowing the attacker to gain full administrative control or to pivot to other devices on the network. The impact is limited to devices that process the malicious input, but the compromised device could serve as an entry point to a larger network.

Affected Systems

The affected products include several Ubiquiti Inc. systems that run UniFi OS, such as the EFG, ENVR, Express, UCG, UCK, UDM, UDR, UDW, UNAS, UNVR, and UniFi OS Server families. The specific firmware or software versions are not enumerated in the advisory, so any installation running UniFi OS that exposes the vulnerable input handling code is potentially at risk.

Risk and Exploitability

The CVSS score of 9.9 indicates a critical severity, while the EPSS score is unavailable, so it is unclear how often the vulnerability is currently exploited. It is not listed in the CISA KEV catalog, but the high CVSS and the fact that it requires only network access and low privileges make it a high‑risk threat. A likely attack vector involves an actor on the same local network or remotely with VPN or other authorized access, sending crafted payloads to the vulnerable endpoint. If successful, the attacker could run arbitrary commands, install malware, or exfiltrate data. The exploit would succeed without needing elevated privileges or prior compromise beyond low‑privilege network access, making it a serious threat to any compromised network segment.

Generated by OpenCVE AI on June 12, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the UniFi OS firmware to the latest vendor‑supplied release that contains the fixed input validation logic
  • Limit or block external network access to any UniFi OS device interfaces that process user input, using firewall rules or network segmentation
  • Implement strict access controls and monitor for abnormal command execution patterns, then apply additional validation or sandboxing for any remaining input paths

Generated by OpenCVE AI on June 12, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os Server
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro
Vendors & Products Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os Server
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro

Fri, 12 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Ubiquiti Efg Envr Envr-core Express Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Server Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-13T03:55:51.078Z

Reserved: 2026-05-19T15:00:09.320Z

Link: CVE-2026-47370

cve-icon Vulnrichment

Updated: 2026-06-12T14:07:18.328Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T04:17:06.657

Modified: 2026-06-12T16:10:10.070

Link: CVE-2026-47370

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:21:06Z

Weaknesses
  • CWE-20

    Improper Input Validation