CVE-2026-47370
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk43th percentile — higher than 43% of all known CVEs
Summary
Certain devices running UniFi OS are vulnerable to improper input validation, allowing a malicious actor with low privileges to execute a Command Injection attack.
Risk Assessment
The organization may be exposed to unauthorized command execution on UniFi OS systems, potentially leading to serious security breaches.
Recommendation
It is recommended to update devices to the latest version of UniFi OS and implement strict access controls to the network.
Original NVD description (English source)
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

