A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Ubiquiti Inc | UniFi OS Server | unaffected |
|
||||||
| Ubiquiti Inc | Express | unaffected |
|
||||||
| Ubiquiti Inc | UDM | unaffected |
|
||||||
| Ubiquiti Inc | UDM-Pro | unaffected |
|
||||||
| Ubiquiti Inc | UDM-SE | unaffected |
|
||||||
| Ubiquiti Inc | UDM-Pro-Max | unaffected |
|
||||||
| Ubiquiti Inc | UDM-Beast | unaffected |
|
||||||
| Ubiquiti Inc | EFG | unaffected |
|
||||||
| Ubiquiti Inc | UDW | unaffected |
|
||||||
| Ubiquiti Inc | UDR | unaffected |
|
||||||
| Ubiquiti Inc | UDR7 | unaffected |
|
||||||
| Ubiquiti Inc | UDR-5G | unaffected |
|
||||||
| Ubiquiti Inc | Express 7 | unaffected |
|
||||||
| Ubiquiti Inc | UNVR | unaffected |
|
||||||
| Ubiquiti Inc | UNVR-Pro | unaffected |
|
||||||
| Ubiquiti Inc | UNVR-Instant | unaffected |
|
||||||
| Ubiquiti Inc | UNVR-G2 | unaffected |
|
||||||
| Ubiquiti Inc | UNVR-G2-Pro | unaffected |
|
||||||
| Ubiquiti Inc | ENVR | unaffected |
|
||||||
| Ubiquiti Inc | ENVR-Core | unaffected |
|
||||||
| Ubiquiti Inc | UNAS-2 | unaffected |
|
||||||
| Ubiquiti Inc | UNAS-4 | unaffected |
|
||||||
| Ubiquiti Inc | UNAS-Pro | unaffected |
|
||||||
| Ubiquiti Inc | UNAS-Pro-4 | unaffected |
|
||||||
| Ubiquiti Inc | UNAS-Pro-8 | unaffected |
|
||||||
| Ubiquiti Inc | UCKP | unaffected |
|
||||||
| Ubiquiti Inc | UCK | unaffected |
|
||||||
| Ubiquiti Inc | UCK-Enterprise | unaffected |
|
||||||
| Ubiquiti Inc | UCG-Ultra | unaffected |
|
||||||
| Ubiquiti Inc | UCG-Max | unaffected |
|
||||||
| Ubiquiti Inc | UCG-Fiber | unaffected |
|
||||||
| Ubiquiti Inc | UCG-Industrial | unaffected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
|
Ubiquiti
Subscribe
|
Efg
Subscribe
Envr
Subscribe
Envr-core
Subscribe
Express
Subscribe
Ucg-fiber
Subscribe
Ucg-industrial
Subscribe
Ucg-max
Subscribe
Ucg-ultra
Subscribe
Uck
Subscribe
Uck-enterprise
Subscribe
Uckp
Subscribe
Udm
Subscribe
Udm-beast
Subscribe
Udm-pro
Subscribe
Udm-pro-max
Subscribe
Udm-se
Subscribe
Udr
Subscribe
Udr-5g
Subscribe
Udr7
Subscribe
Udw
Subscribe
Unas-2
Subscribe
Unas-4
Subscribe
Unas-pro
Subscribe
Unas-pro-4
Subscribe
Unas-pro-8
Subscribe
Unifi Os Server
Subscribe
Unvr
Subscribe
Unvr-g2
Subscribe
Unvr-g2-pro
Subscribe
Unvr-instant
Subscribe
Unvr-pro
Subscribe
|
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 12 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ubiquiti
Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Server Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro |
|
| Vendors & Products |
Ubiquiti
Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Server Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro |
Fri, 12 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 12 Jun 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances. | |
| Weaknesses | CWE-20 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published:
Updated: 2026-06-12T14:09:09.485Z
Reserved: 2026-05-19T15:00:09.320Z
Link: CVE-2026-47370
Vulnrichment
Updated: 2026-06-12T14:07:18.328Z
NVD
Status : Deferred
Published: 2026-06-12T04:17:06.657
Modified: 2026-06-12T16:10:10.070
Link: CVE-2026-47370
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-12T20:21:06Z
Weaknesses