CVE-2026-47368PATCHED

ubiquiti · unifi os server

CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices runni

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.

Affected Products

Vendor	Product	Versions
ubiquiti	unifi os server	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-47368 | Ubiquiti UniFi OS Server up to 5.1.14 path traversal

→ No new info (linked only)

CVSS 3.18.6 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

5.1.154.0.155.1.16

CWECWE-22

PublishedJun 12, 2026

Last enriched1d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34908EXPKEV

CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de

Trending: 106

CRITICALCVE-2026-47370EXP

CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 55

HIGHCVE-2026-48610EXP

CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control

Trending: 42

CRITICALCVE-2026-47369

CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 41

CRITICALCVE-2026-34910EXPKEV

CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS

Trending: 11

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 12, 2026

Discovered by ZDM

Jun 12, 2026

Updated: affectedVersions, severity, tags

Jun 12, 2026

Patch Available

Jun 12, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, added affected version 5.1.14, and clarified exploit availability.

affectedVersionsseveritytags

via VulDB

v11d ago

Initial creation