CVE-2026-47369

Summary

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi OS Server0 < 5.1.15affected
Ubiquiti IncExpress0 < 4.0.15affected
Ubiquiti IncUDM0 < 5.1.15affected
Ubiquiti IncUDM-Pro0 < 5.1.15affected
Ubiquiti IncUDM-SE0 < 5.1.15affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.15affected
Ubiquiti IncUDM-Beast0 < 5.1.15affected
Ubiquiti IncEFG0 < 5.1.15affected
Ubiquiti IncUDW0 < 5.1.15affected
Ubiquiti IncUDR0 < 5.1.15affected
Ubiquiti IncUDR70 < 5.1.15affected
Ubiquiti IncUDR-5G0 < 5.1.15affected
Ubiquiti IncExpress 70 < 5.1.15affected
Ubiquiti IncUNVR0 < 5.1.15affected
Ubiquiti IncUNVR-Pro0 < 5.1.15affected
Ubiquiti IncUNVR-Instant0 < 5.1.15affected
Ubiquiti IncUNVR-G20 < 5.1.15affected
Ubiquiti IncUNVR-G2-Pro0 < 5.1.15affected
Ubiquiti IncENVR0 < 5.1.15affected
Ubiquiti IncENVR-Core0 < 5.1.15affected
Ubiquiti IncUNAS-20 < 5.1.16affected
Ubiquiti IncUNAS-40 < 5.1.16affected
Ubiquiti IncUNAS-Pro0 < 5.1.16affected
Ubiquiti IncUNAS-Pro-40 < 5.1.16affected
Ubiquiti IncUNAS-Pro-80 < 5.1.16affected
Ubiquiti IncUCKP0 < 5.1.15affected
Ubiquiti IncUCK0 < 5.1.15affected
Ubiquiti IncUCK-Enterprise0 < 5.1.15affected
Ubiquiti IncUCG-Ultra0 < 5.1.15affected
Ubiquiti IncUCG-Max0 < 5.1.15affected
Ubiquiti IncUCG-Fiber0 < 5.1.15affected
Ubiquiti IncUCG-Industrial0 < 5.1.15affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References