CVE-2026-47368

Summary

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi OS Server0 < 5.1.15affected
Ubiquiti IncExpress0 < 4.0.15affected
Ubiquiti IncUDM0 < 5.1.15affected
Ubiquiti IncUDM-Pro0 < 5.1.15affected
Ubiquiti IncUDM-SE0 < 5.1.15affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.15affected
Ubiquiti IncUDM-Beast0 < 5.1.15affected
Ubiquiti IncEFG0 < 5.1.15affected
Ubiquiti IncUDW0 < 5.1.15affected
Ubiquiti IncUDR0 < 5.1.15affected
Ubiquiti IncUDR70 < 5.1.15affected
Ubiquiti IncUDR-5G0 < 5.1.15affected
Ubiquiti IncExpress 70 < 5.1.15affected
Ubiquiti IncUNVR0 < 5.1.15affected
Ubiquiti IncUNVR-Pro0 < 5.1.15affected
Ubiquiti IncUNVR-Instant0 < 5.1.15affected
Ubiquiti IncUNVR-G20 < 5.1.15affected
Ubiquiti IncUNVR-G2-Pro0 < 5.1.15affected
Ubiquiti IncENVR0 < 5.1.15affected
Ubiquiti IncENVR-Core0 < 5.1.15affected
Ubiquiti IncUNAS-20 < 5.1.16affected
Ubiquiti IncUNAS-40 < 5.1.16affected
Ubiquiti IncUNAS-Pro0 < 5.1.16affected
Ubiquiti IncUNAS-Pro-40 < 5.1.16affected
Ubiquiti IncUNAS-Pro-80 < 5.1.16affected
Ubiquiti IncUCKP0 < 5.1.15affected
Ubiquiti IncUCK0 < 5.1.15affected
Ubiquiti IncUCK-Enterprise0 < 5.1.15affected
Ubiquiti IncUCG-Ultra0 < 5.1.15affected
Ubiquiti IncUCG-Max0 < 5.1.15affected
Ubiquiti IncUCG-Fiber0 < 5.1.15affected
Ubiquiti IncUCG-Industrial0 < 5.1.15affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References