CVE-2026-47369_CVE-2026-47369

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

AI Analysis

Improper Input Validation vulnerability in UniFi OS allowing privilege escalation

Basic Information

ID CVE-2026-47369

Source hackerone

Published Jun 12, 2026 at 02:27

Affected Product

Vendor Ubiquiti Inc

Product UniFi OS Server

Affected Versions Ubiquiti Inc UniFi OS Server 0
Ubiquiti Inc Express 0
Ubiquiti Inc UDM 0
Ubiquiti Inc UDM-Pro 0
Ubiquiti Inc UDM-SE 0
Ubiquiti Inc UDM-Pro-Max 0
Ubiquiti Inc UDM-Beast 0
Ubiquiti Inc EFG 0
Ubiquiti Inc UDW 0
Ubiquiti Inc UDR 0
Ubiquiti Inc UDR7 0
Ubiquiti Inc UDR-5G 0
Ubiquiti Inc Express 7 0
Ubiquiti Inc UNVR 0
Ubiquiti Inc UNVR-Pro 0
Ubiquiti Inc UNVR-Instant 0
Ubiquiti Inc UNVR-G2 0
Ubiquiti Inc UNVR-G2-Pro 0
Ubiquiti Inc ENVR 0
Ubiquiti Inc ENVR-Core 0
Ubiquiti Inc UNAS-2 0
Ubiquiti Inc UNAS-4 0
Ubiquiti Inc UNAS-Pro 0
Ubiquiti Inc UNAS-Pro-4 0
Ubiquiti Inc UNAS-Pro-8 0
Ubiquiti Inc UCKP 0
Ubiquiti Inc UCK 0
Ubiquiti Inc UCK-Enterprise 0
Ubiquiti Inc UCG-Ultra 0
Ubiquiti Inc UCG-Max 0
Ubiquiti Inc UCG-Fiber 0
Ubiquiti Inc UCG-Industrial 0

CWE Classification

CWE-20

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Ubiquiti Inc

Product UniFi OS

References

community.ui.com /releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a

{
    "lastseen": "",
    "description": "A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.",
    "published": "2026-06-12T02:27:43.612Z",
    "modified": "2026-06-12T02:27:43.612Z",
    "type": "cve",
    "title": "CVE-2026-47369",
    "source": "hackerone",
    "references": "https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a",
    "id": "CVE-2026-47369",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Ubiquiti Inc UniFi OS Server 0\nUbiquiti Inc Express 0\nUbiquiti Inc UDM 0\nUbiquiti Inc UDM-Pro 0\nUbiquiti Inc UDM-SE 0\nUbiquiti Inc UDM-Pro-Max 0\nUbiquiti Inc UDM-Beast 0\nUbiquiti Inc EFG 0\nUbiquiti Inc UDW 0\nUbiquiti Inc UDR 0\nUbiquiti Inc UDR7 0\nUbiquiti Inc UDR-5G 0\nUbiquiti Inc Express 7 0\nUbiquiti Inc UNVR 0\nUbiquiti Inc UNVR-Pro 0\nUbiquiti Inc UNVR-Instant 0\nUbiquiti Inc UNVR-G2 0\nUbiquiti Inc UNVR-G2-Pro 0\nUbiquiti Inc ENVR 0\nUbiquiti Inc ENVR-Core 0\nUbiquiti Inc UNAS-2 0\nUbiquiti Inc UNAS-4 0\nUbiquiti Inc UNAS-Pro 0\nUbiquiti Inc UNAS-Pro-4 0\nUbiquiti Inc UNAS-Pro-8 0\nUbiquiti Inc UCKP 0\nUbiquiti Inc UCK 0\nUbiquiti Inc UCK-Enterprise 0\nUbiquiti Inc UCG-Ultra 0\nUbiquiti Inc UCG-Max 0\nUbiquiti Inc UCG-Fiber 0\nUbiquiti Inc UCG-Industrial 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UniFi OS Server",
    "version": "0",
    "vendor": "Ubiquiti Inc",
    "ai_description": "Improper Input Validation vulnerability in UniFi OS allowing privilege escalation",
    "ai_severity": "Critical",
    "ai_vendor": "Ubiquiti Inc",
    "ai_product": "UniFi OS",
    "ai_version": "0",
    "ai_score": 9.9
}