CVE-2026-47368
published 2026-06-12

Priority: P3 52
Severity: high, 8.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.36% (27.3th percentile)

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.

Affected

32 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | envr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | envr-core | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | express | < 4.0.15 | 4.0.15 |
| ubiquiti_inc | express_7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-fiber | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-industrial | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-ultra | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uck | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uck-enterprise | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uckp | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-beast | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-se | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr-5g | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udw | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | unas-2 | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-4 | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-pro | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-pro-4 | < 5.1.16 | 5.1.16 |