CVE-2026-47370EXPLOITEDPATCHED

ubiquiti · unifi os

CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Description

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

Affected Products

Vendor	Product	Versions
ubiquiti	unifi os	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

References

https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

Related News (2 articles)

Tier D

Heise Security1d ago

Ubiquiti UniFi OS: Kritische Lücken erlauben Codeschmuggel

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-47370 | Ubiquiti UniFi OS Server up to 5.1.14 command injection

→ No new info (linked only)

CVSS 3.19.9 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

5.1.154.0.155.1.16

CWECWE-20

PublishedJun 12, 2026

Last enriched1d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34908EXPKEV

CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de

Trending: 107

HIGHCVE-2026-48610EXP

CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control

Trending: 43

CRITICALCVE-2026-47369

CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 41

HIGHCVE-2026-47368

CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices runni

Trending: 24

CRITICALCVE-2026-34910EXPKEV

CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS

Trending: 11

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 12, 2026

Discovered by ZDM

Jun 12, 2026

Updated: affectedVersions, activelyExploited, tags

Jun 12, 2026

Actively Exploited

Jun 13, 2026

Patch Available

Jun 13, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated affected versions to include 5.1.14, marked as actively exploited, and added new tag 'command injection'.

affectedVersionsactivelyExploitedtags

via VulDB

v11d ago

Initial creation