CVE-2026-47370 - Vulnerability Details - OpenCVE

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

History

Fri, 12 Jun 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
Weaknesses		CWE-20
References		https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a
Metrics		cvssV3_1 `{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2026-06-12T02:27:43.642Z

Updated: 2026-06-12T02:27:43.642Z

Reserved: 2026-05-19T15:00:09.320Z

Link: CVE-2026-47370

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T04:17:06.657

Modified: 2026-06-12T04:17:06.657

Link: CVE-2026-47370

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T04:30:04Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-47370", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-05-19T15:00:09.320Z", "datePublished": "2026-06-12T02:27:43.642Z", "dateUpdated": "2026-06-12T02:27:43.642Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UniFi OS Server", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "Express", "versions": [{"version": "0", "status": "affected", "lessThan": "4.0.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Pro", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-SE", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Pro-Max", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDM-Beast", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "EFG", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDW", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDR", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDR7", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UDR-5G", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "Express 7", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR-Pro", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR-Instant", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR-G2", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNVR-G2-Pro", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "ENVR", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "ENVR-Core", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNAS-2", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNAS-4", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNAS-Pro", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNAS-Pro-4", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UNAS-Pro-8", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.16", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCKP", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCK", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCK-Enterprise", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCG-Ultra", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCG-Max", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCG-Fiber", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "UCG-Industrial", "versions": [{"version": "0", "status": "affected", "lessThan": "5.1.15", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-06-12T02:27:43.642Z"}}}}