CVE-2026-47370

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-47370

Affected Products

Efg

Envr

Envr-Core

Express

Express 7

Ucg-Fiber

Ucg-Industrial

Ucg-Max

Ucg-Ultra

Uck

Uck-Enterprise

Uckp

Udm

Udm-Beast

Udm-Pro

Udm-Pro-Max

Udm-Se

Udr

Udr-5G

Udr7

Udw

Unas-2

Unas-4

Unas-Pro

Unas-Pro-4

Unas-Pro-8

Unvr

Unvr-G2

Unvr-G2-Pro

Unvr-Instant

Unvr-Pro

Unifi Os Server

CVE-2026-47370

Weakness Enumeration

Related Identifiers

Affected Products

References · 2