CVE-2026-47369 - Vulnerability Details

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00063.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Ubiquiti Inc

UniFi OS Server

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

Express

unaffected

Version	Status	Constraints
`0`	affected	< 4.0.15

Ubiquiti Inc

UDM

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-SE

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-Pro-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDM-Beast

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

EFG

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDW

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDR7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UDR-5G

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

Express 7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-Instant

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-G2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNVR-G2-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

ENVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

ENVR-Core

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UNAS-2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-Pro-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UNAS-Pro-8

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.16

Ubiquiti Inc

UCKP

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCK

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCK-Enterprise

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Ultra

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Fiber

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

Ubiquiti Inc

UCG-Industrial

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.15

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Ubiquiti Subscribe	Efg Subscribe Envr Subscribe Envr-core Subscribe Express Subscribe Express 7 Subscribe Ucg-fiber Subscribe Ucg-industrial Subscribe Ucg-max Subscribe Ucg-ultra Subscribe Uck Subscribe Uck-enterprise Subscribe Uckp Subscribe Udm Subscribe Udm-beast Subscribe Udm-pro Subscribe Udm-pro-max Subscribe Udm-se Subscribe Udr Subscribe Udr-5g Subscribe Udr7 Subscribe Udw Subscribe Unas-2 Subscribe Unas-4 Subscribe Unas-pro Subscribe Unas-pro-4 Subscribe Unas-pro-8 Subscribe Unifi Os Server Subscribe Unvr Subscribe Unvr-g2 Subscribe Unvr-g2-pro Subscribe Unvr-instant Subscribe Unvr-pro Subscribe

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

History

Fri, 12 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express Ubiquiti express 7 Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Server Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro
Vendors & Products		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express Ubiquiti express 7 Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Server Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro

Fri, 12 Jun 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 12 Jun 2026 05:15:00 +0000

Type	Values Removed	Values Added
Title		Privilege Escalation via Improper Input Validation in UniFi OS Devices

Fri, 12 Jun 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
Weaknesses		CWE-20
References		https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a
Metrics		cvssV3_1 `{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2026-06-12T02:27:43.612Z

Updated: 2026-06-12T14:18:35.223Z

Reserved: 2026-05-19T15:00:09.320Z

Link: CVE-2026-47369

Vulnrichment

Updated: 2026-06-12T14:10:18.780Z

NVD

Status : Deferred

Published: 2026-06-12T04:17:06.513

Modified: 2026-06-12T16:10:10.070

Link: CVE-2026-47369

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:21:11Z

Weaknesses

CWE-20

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object