PatchSiren cyber security CVE debrief
CVE-2026-47370 Ubiquiti Inc CVE debrief
CVE-2026-47370 is a CRITICAL vulnerability with a CVSS score of 9.9. A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances. The vulnerability was published on [2026-06-12](https://www.cve.org/CVERecord?id=CVE-2026-47370) and last modified on [2026-06-12](https://nvd.nist.gov/vuln/detail/CVE-2026-47370).
- Vendor: Ubiquiti Inc
- Product: UniFi OS Server
- CVSS: CRITICAL 9.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Administrators and users of UniFi OS devices should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability is caused by Improper Input Validation in UniFi OS devices. This allows a malicious actor with low privileges and network access to inject commands.
Defensive priority
CRITICAL
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as possible.
- Restrict network access to UniFi OS devices to minimize the attack surface.
- Monitor UniFi OS devices for suspicious activity.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide official information about the vulnerability. A security advisory bulletin [ref-4] is also available from the vendor.
Official resources
- CVE-2026-47370 CVE record (CVE.org)
- CVE-2026-47370 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference
CVE-2026-47370 was published on 2026-06-12T04:17:06.657Z and last modified on 2026-06-12T16:10:10.070Z.