CVE Catalog

CVE-2026-47370

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

43th percentile — higher than 43% of all known CVEs

Summary

Certain devices running UniFi OS are vulnerable to improper input validation, allowing a malicious actor with low privileges to execute a Command Injection attack.

Risk Assessment

The organization may be exposed to unauthorized command execution on UniFi OS systems, potentially leading to serious security breaches.

Recommendation

It is recommended to update devices to the latest version of UniFi OS and implement strict access controls to the network.

Original NVD description (English source)

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS