PatchSiren cyber security CVE debrief
CVE-2026-47367 Ubiquiti Inc CVE debrief
CVE-2026-47367 is a CRITICAL vulnerability with a CVSS score of 9.9. A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
- Vendor: Ubiquiti Inc
- Product: UID Enterprise Agent
- CVSS: CRITICAL 9.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Administrators and users of UID Enterprise Agent should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability is caused by an Improper Input Validation in UID Enterprise Agent, which allows an attacker to inject commands on the host device. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Defensive priority
High
Recommended defensive actions
- Apply the patch or update provided by the vendor
- Restrict access to the network and monitor for suspicious activity
- Implement additional security measures to prevent Command Injection attacks
Evidence notes
The CVE record and NVD detail, listed under Official resources, provide further information about the vulnerability.
Official resources
- CVE-2026-47367 CVE record (CVE.org)
- CVE-2026-47367 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-47367 was published on 2026-06-12T04:17:06.200Z and modified on 2026-06-12T16:10:10.070Z.