CVE-2026-47369
Published 2026-06-12
Priority: P2 · 64 · critical · CVSS 3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.30% (21.9th percentile)
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | envr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | envr-core | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | express | < 4.0.15 | 4.0.15 |
| ubiquiti_inc | express_7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-fiber | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-industrial | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-ultra | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uck | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uck-enterprise | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uckp | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-beast | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-se | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr-5g | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udw | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | unas-2 | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-4 | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-pro | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-pro-4 | < 5.1.16 | 5.1.16 |
VulDB
Ubiquiti UniFi OS Server up to 5.1.14 input validation (EUVD-2026-36383 / WID-SEC-2026-1872)
vuldb·2026-06-14·CVSS 9.9
CVE-2026-47369 [CRITICAL] Ubiquiti UniFi OS Server up to 5.1.14 input validation (EUVD-2026-36383 / WID-SEC-2026-1872)
A vulnerability classified as very critical was found in Ubiquiti UniFi OS Server, Express, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber and UCG-Industrial up to 5.1.14. Affected by this vulnerability is an unknown functionality. The manipulation results in improper input validation.
This vulnerability is cataloged as CVE-2026-47369. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
GHSA
ghsa_unreviewed·2026-06-12
CVE-2026-47369 [CRITICAL] CWE-20
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-12