CVE-2026-47369PATCHED

ubiquiti · unifi os server

CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Description

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

Affected Products

Vendor	Product	Versions
ubiquiti	unifi os server	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

Related News (2 articles)

Tier D

Heise Security1d ago

Ubiquiti UniFi OS: Kritische Lücken erlauben Codeschmuggel

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-47369 | Ubiquiti UniFi OS Server up to 5.1.14 input validation

→ No new info (linked only)

CVSS 3.19.9 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

5.1.154.0.155.1.16

CWECWE-20

PublishedJun 12, 2026

Last enriched1d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34908EXPKEV

CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de

Trending: 106

CRITICALCVE-2026-47370EXP

CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 55

HIGHCVE-2026-48610EXP

CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control

Trending: 42

HIGHCVE-2026-47368

CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices runni

Trending: 23

CRITICALCVE-2026-34910EXPKEV

CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS

Trending: 11

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 12, 2026

Discovered by ZDM

Jun 12, 2026

Updated: affectedVersions, severity, tags

Jun 12, 2026

Patch Available

Jun 13, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated affected versions to include 5.1.14, changed severity to HIGH, and added tags related to input validation and remote attack.

affectedVersionsseveritytags

via VulDB

v11d ago

Initial creation