CVE-2026-47368_CVE-2026-47368

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.

AI Analysis

Path Traversal vulnerability in UniFi OS devices

Basic Information

ID CVE-2026-47368

Source hackerone

Published Jun 12, 2026 at 02:27

Affected Product

Vendor Ubiquiti Inc

Product UniFi OS Server

Affected Versions Ubiquiti Inc UniFi OS Server 0
Ubiquiti Inc Express 0
Ubiquiti Inc UDM 0
Ubiquiti Inc UDM-Pro 0
Ubiquiti Inc UDM-SE 0
Ubiquiti Inc UDM-Pro-Max 0
Ubiquiti Inc UDM-Beast 0
Ubiquiti Inc EFG 0
Ubiquiti Inc UDW 0
Ubiquiti Inc UDR 0
Ubiquiti Inc UDR7 0
Ubiquiti Inc UDR-5G 0
Ubiquiti Inc Express 7 0
Ubiquiti Inc UNVR 0
Ubiquiti Inc UNVR-Pro 0
Ubiquiti Inc UNVR-Instant 0
Ubiquiti Inc UNVR-G2 0
Ubiquiti Inc UNVR-G2-Pro 0
Ubiquiti Inc ENVR 0
Ubiquiti Inc ENVR-Core 0
Ubiquiti Inc UNAS-2 0
Ubiquiti Inc UNAS-4 0
Ubiquiti Inc UNAS-Pro 0
Ubiquiti Inc UNAS-Pro-4 0
Ubiquiti Inc UNAS-Pro-8 0
Ubiquiti Inc UCKP 0
Ubiquiti Inc UCK 0
Ubiquiti Inc UCK-Enterprise 0
Ubiquiti Inc UCG-Ultra 0
Ubiquiti Inc UCG-Max 0
Ubiquiti Inc UCG-Fiber 0
Ubiquiti Inc UCG-Industrial 0

CWE Classification

CWE-22

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Ubiquiti Inc

Product UniFi OS

References

community.ui.com /releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

{
    "lastseen": "",
    "description": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.",
    "published": "2026-06-12T02:27:43.525Z",
    "modified": "2026-06-12T02:27:43.525Z",
    "type": "cve",
    "title": "CVE-2026-47368",
    "source": "hackerone",
    "references": "https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a",
    "id": "CVE-2026-47368",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Ubiquiti Inc UniFi OS Server 0\nUbiquiti Inc Express 0\nUbiquiti Inc UDM 0\nUbiquiti Inc UDM-Pro 0\nUbiquiti Inc UDM-SE 0\nUbiquiti Inc UDM-Pro-Max 0\nUbiquiti Inc UDM-Beast 0\nUbiquiti Inc EFG 0\nUbiquiti Inc UDW 0\nUbiquiti Inc UDR 0\nUbiquiti Inc UDR7 0\nUbiquiti Inc UDR-5G 0\nUbiquiti Inc Express 7 0\nUbiquiti Inc UNVR 0\nUbiquiti Inc UNVR-Pro 0\nUbiquiti Inc UNVR-Instant 0\nUbiquiti Inc UNVR-G2 0\nUbiquiti Inc UNVR-G2-Pro 0\nUbiquiti Inc ENVR 0\nUbiquiti Inc ENVR-Core 0\nUbiquiti Inc UNAS-2 0\nUbiquiti Inc UNAS-4 0\nUbiquiti Inc UNAS-Pro 0\nUbiquiti Inc UNAS-Pro-4 0\nUbiquiti Inc UNAS-Pro-8 0\nUbiquiti Inc UCKP 0\nUbiquiti Inc UCK 0\nUbiquiti Inc UCK-Enterprise 0\nUbiquiti Inc UCG-Ultra 0\nUbiquiti Inc UCG-Max 0\nUbiquiti Inc UCG-Fiber 0\nUbiquiti Inc UCG-Industrial 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UniFi OS Server",
    "version": "0",
    "vendor": "Ubiquiti Inc",
    "ai_description": "Path Traversal vulnerability in UniFi OS devices",
    "ai_severity": "High",
    "ai_vendor": "Ubiquiti Inc",
    "ai_product": "UniFi OS",
    "ai_version": "0",
    "ai_score": 8.6
}