CVE-2026-47367
Published 2026-06-12
Priority: P2 70, critical, 9.9 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.83% (52.8th percentile)
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | uid_enterprise_agent | < 1.61.4 | 1.61.4 |
VulDB
Ubiquiti UID Enterprise Agent up to 1.61.3 input validation (WID-SEC-2026-1872)
vuldb·2026-06-13·CVSS 9.9
CVE-2026-47367 [CRITICAL] Ubiquiti UID Enterprise Agent up to 1.61.3 input validation (WID-SEC-2026-1872)
A vulnerability described as very critical has been identified in Ubiquiti UID Enterprise Agent up to 1.61.3. This impacts an unknown function. Executing a manipulation can lead to improper input validation.
This vulnerability is tracked as CVE-2026-47367. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
GHSA
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device
ghsa_unreviewed·2026-06-12
CVE-2026-47367 [CRITICAL] CWE-20 A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.