Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%
Buy Us a Coffee

CVE-2026-47370

CVSS 9.9 · Critical EPSS 0.83% · P53

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 32

VendorProductVersion RangeStatus
Ubiquiti IncEFG< 5.1.15affected
Ubiquiti IncENVR< 5.1.15affected
Ubiquiti IncENVR-Core< 5.1.15affected
Ubiquiti IncExpress< 4.0.15affected
Ubiquiti IncExpress 7< 5.1.15affected
Ubiquiti IncUCG-Fiber< 5.1.15affected
Ubiquiti IncUCG-Industrial< 5.1.15affected
Ubiquiti IncUCG-Max< 5.1.15affected
Ubiquiti IncUCG-Ultra< 5.1.15affected
Ubiquiti IncUCK< 5.1.15affected
Ubiquiti IncUCK-Enterprise< 5.1.15affected
Ubiquiti IncUCKP< 5.1.15affected
Ubiquiti IncUDM< 5.1.15affected
Ubiquiti IncUDM-Beast< 5.1.15affected
Ubiquiti IncUDM-Pro< 5.1.15affected
Ubiquiti IncUDM-Pro-Max< 5.1.15affected
Ubiquiti IncUDM-SE< 5.1.15affected
Ubiquiti IncUDR< 5.1.15affected
Ubiquiti IncUDR-5G< 5.1.15affected
Ubiquiti IncUDR7< 5.1.15affected
Ubiquiti IncUDW< 5.1.15affected
Ubiquiti IncUNAS-2< 5.1.16affected
Ubiquiti IncUNAS-4< 5.1.16affected
Ubiquiti IncUNAS-Pro< 5.1.16affected
Ubiquiti IncUNAS-Pro-4< 5.1.16affected
Ubiquiti IncUNAS-Pro-8< 5.1.16affected
Ubiquiti IncUniFi OS Server< 5.1.15affected
Ubiquiti IncUNVR< 5.1.15affected
Ubiquiti IncUNVR-G2< 5.1.15affected
Ubiquiti IncUNVR-G2-Pro< 5.1.15affected
Ubiquiti IncUNVR-Instant< 5.1.15affected
Ubiquiti IncUNVR-Pro< 5.1.15affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-47370

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ubiquiti Inc UniFi OS Server 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ubiquiti Inc UniFi OS Server是Ubiquiti Inc公司的网络设备管理软件。 Ubiquiti Inc UniFi OS Server存在输入验证错误漏洞,该漏洞源于输入验证错误,可能导致具有网络访问权限和低权限的攻击者执行命令注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Ubiquiti IncUniFi OS Server 0 ~ 5.1.15 -
Ubiquiti IncExpress 0 ~ 4.0.15 -
Ubiquiti IncUDM 0 ~ 5.1.15 -
Ubiquiti IncUDM-Pro 0 ~ 5.1.15 -
Ubiquiti IncUDM-SE 0 ~ 5.1.15 -
Ubiquiti IncUDM-Pro-Max 0 ~ 5.1.15 -
Ubiquiti IncUDM-Beast 0 ~ 5.1.15 -
Ubiquiti IncEFG 0 ~ 5.1.15 -
Ubiquiti IncUDW 0 ~ 5.1.15 -
Ubiquiti IncUDR 0 ~ 5.1.15 -
Ubiquiti IncUDR7 0 ~ 5.1.15 -
Ubiquiti IncUDR-5G 0 ~ 5.1.15 -
Ubiquiti IncExpress 7 0 ~ 5.1.15 -
Ubiquiti IncUNVR 0 ~ 5.1.15 -
Ubiquiti IncUNVR-Pro 0 ~ 5.1.15 -
Ubiquiti IncUNVR-Instant 0 ~ 5.1.15 -
Ubiquiti IncUNVR-G2 0 ~ 5.1.15 -
Ubiquiti IncUNVR-G2-Pro 0 ~ 5.1.15 -
Ubiquiti IncENVR 0 ~ 5.1.15 -
Ubiquiti IncENVR-Core 0 ~ 5.1.15 -
Ubiquiti IncUNAS-2 0 ~ 5.1.16 -
Ubiquiti IncUNAS-4 0 ~ 5.1.16 -
Ubiquiti IncUNAS-Pro 0 ~ 5.1.16 -
Ubiquiti IncUNAS-Pro-4 0 ~ 5.1.16 -
Ubiquiti IncUNAS-Pro-8 0 ~ 5.1.16 -
Ubiquiti IncUCKP 0 ~ 5.1.15 -
Ubiquiti IncUCK 0 ~ 5.1.15 -
Ubiquiti IncUCK-Enterprise 0 ~ 5.1.15 -
Ubiquiti IncUCG-Ultra 0 ~ 5.1.15 -
Ubiquiti IncUCG-Max 0 ~ 5.1.15 -
Ubiquiti IncUCG-Fiber 0 ~ 5.1.15 -
Ubiquiti IncUCG-Industrial 0 ~ 5.1.15 -

II. Public POCs for CVE-2026-47370

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-47370

登录查看更多情报信息。

Vendor Advisories for CVE-2026-47370 (1)

Same Patch Batch · Ubiquiti Inc · 2026-06-12 · 5 CVEs total

CVE-2026-473679.9 CRITICALUbiquiti UID Enterprise Agent 输入验证错误漏洞
CVE-2026-473699.9 CRITICALUbiquiti UniFi OS Server 输入验证错误漏洞
CVE-2026-473688.6 HIGHUbiquiti Inc UniFi OS Server 路径遍历漏洞
CVE-2026-486108.1 HIGHUbiquiti UDM 权限许可和访问控制问题漏洞

IV. Related Vulnerabilities

Same product: UniFi OS Server
Same vendor: Ubiquiti Inc
Same weakness: CWE-20

V. Comments for CVE-2026-47370

No comments yet

Leave a comment