CVE-2026-48610EXPLOITEDPATCHED

ubiquiti · unifi os

CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control

Description

Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Affected Products

Vendor	Product	Versions
ubiquiti	unifi os	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-48610 | Ubiquiti UDM up to 5.1.14 access control

→ No new info (linked only)

CVSS 3.18.1 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

5.1.15

CWECWE-284

PublishedJun 12, 2026

Last enriched1d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34908EXPKEV

CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de

Trending: 106

CRITICALCVE-2026-47370EXP

CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 55

CRITICALCVE-2026-47369

CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 41

HIGHCVE-2026-47368

CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices runni

Trending: 23

CRITICALCVE-2026-34910EXPKEV

CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS

Trending: 11

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 12, 2026

Discovered by ZDM

Jun 12, 2026

Updated: severity, affectedVersions, activelyExploited, tags

Jun 12, 2026

Actively Exploited

Jun 12, 2026

Patch Available

Jun 12, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, added affected version 5.1.14, and marked the vulnerability as actively exploited.

severityaffectedVersionsactivelyExploitedtags

via VulDB

v11d ago

Initial creation