CVE-2026-47370
published 2026-06-12

Priority: P2 · 70 · critical · 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.83% (53.1th percentile)

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

Affected

32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | envr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | envr-core | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | express | < 4.0.15 | 4.0.15 |
| ubiquiti_inc | express_7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-fiber | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-industrial | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | ucg-ultra | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uck | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uck-enterprise | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | uckp | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-beast | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-pro-max | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udm-se | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr-5g | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udr7 | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | udw | < 5.1.15 | 5.1.15 |
| ubiquiti_inc | unas-2 | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-4 | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-pro | < 5.1.16 | 5.1.16 |
| ubiquiti_inc | unas-pro-4 | < 5.1.16 | 5.1.16 |