74 matches found
CVE-2026-47370
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
CVE-2026-47369
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...
CVE-2026-47368
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances...
UniFi OS Server - Command Injection
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. id: CVE-2026-34910 info: name: UniFi OS Server - Command Injection author: Kazgangap severity: critical description: | A malicious actor...
CVE-2026-47370
Technical details are not publicly available in the provided documents. Monitor for updates on affected UniFi OS devices and remediation guidance.
CVE-2026-47368
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances...
CVE-2026-47368
CVE-2026-47368 describes a path traversal vulnerability in certain UniFi OS devices. The issue could allow an attacker with network access to obtain data from UniFi OS devices or instances. The CVSS vector indicates a network, low complexity, no privileges required, with high confidentiality impa...
EUVD-2026-36384
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
EUVD-2026-36383
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...
CVE-2026-47370
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
CVE-2026-47369
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...
CVE-2026-48610
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
EUVD-2026-36378
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
PT-2026-48823
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances...
PT-2026-48825
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...
PT-2026-48822
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances...
PT-2026-48824
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances...
PT-2026-48501
CVE-2026-34908 is a CVSS 10.0 improper access control flaw in UniFi OS Server where nginx evaluates the raw request URI for authentication but routes using the normalized URI, allowing unauthenticated attackers to reach protected endpoints and chain into full root RCE...
UniFi OS Server Unauthenticated Remote Code Execution Chain Detection Script
This tool is a safe detector for the unauthenticated remote code execution chain in UniFi OS Server versions 5.0.6 and below, as disclosed in Ubiquiti Security Advisory Bulletin 064...
Exploit for CVE-2026-34908
UniFi OS Server Unauth RCE Chain Detection Script A safe dete...