Skip to main content

UniFi OS CVE-2026-33000

| EUVDEUVD-2026-31385 CRITICAL
Improper Input Validation (CWE-20)
2026-05-22 hackerone GHSA-3ggx-cv4j-6p7j
9.1
CVSS 3.1 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (hackerone) · only source for this CVE.

CVSS VectorVendor: hackerone

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 22, 2026 - 02:01 EUVD
Analysis Generated
May 22, 2026 - 01:44 vuln.today

DescriptionCVE.org

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

AnalysisAI

Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary operating system commands by abusing improperly validated input. The flaw carries a critical CVSS 9.1 score with scope change, indicating successful exploitation can break out of the originating security context, though no public exploit identified at time of analysis.

Technical ContextAI

The affected component is Ubiquiti's UniFi OS Server (per CPE cpe:2.3:a:ubiquiti_inc:unifi_os_server), the management platform that runs across Ubiquiti's UniFi gateway, controller, and Cloud Key appliances. CWE-20 (Improper Input Validation) is the root cause class: user-supplied input passed to an administrative function reaches an operating system command interpreter without adequate sanitization or allowlisting, enabling injection of shell metacharacters or additional commands. The scope-changed CVSS rating (S:C) indicates the command executes under a security context broader than the calling administrative interface, consistent with web/management code that shells out to underlying OS utilities running with elevated UniFi service privileges.

RemediationAI

Patch available per vendor advisory - consult Ubiquiti Security Advisory Bulletin 064 at https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b for the exact fixed UniFi OS version and apply the firmware update to all UniFi consoles in the environment. As compensating controls until patching is complete, restrict the UniFi OS management interface (typically HTTPS on the LAN/management VLAN) to a dedicated admin network using firewall ACLs so PR:H exploitation cannot be reached from general user segments; rotate any shared administrator credentials and ensure each admin has a unique account so a compromised credential can be revoked individually; and enable two-factor authentication on UniFi SSO admin accounts to raise the cost of credential-based pivot to the privileged role required by the bug. These controls reduce exploit reachability but do not remove the vulnerability and may interrupt remote-admin workflows for staff who previously managed UniFi from arbitrary networks.

CVE-2026-34910 CRITICAL POC
10.0 May 22

Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar

CVE-2026-34909 CRITICAL POC
10.0 May 22

Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin

CVE-2026-34908 CRITICAL POC
10.0 May 22

Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur

CVE-2026-47370 CRITICAL
9.9 Jun 12

Authenticated command injection in Ubiquiti UniFi OS allows low-privileged network-adjacent attackers to execute arbitra

CVE-2026-47369 CRITICAL
9.9 Jun 12

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged attacker with network access to elevate privileges on

CVE-2026-54402 HIGH
8.8 Jul 02

Command injection in Ubiquiti UniFi OS (all builds before 5.1.19) lets a low-privileged user on the same network run arb

CVE-2026-54404 HIGH
8.8 Jul 02

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged, network-adjacent user to chain a series of authentica

CVE-2026-54401 HIGH
8.8 Jul 02

Privilege escalation via Server-Side Request Forgery affects Ubiquiti UniFi OS devices and the UniFi OS Server across th

CVE-2026-54403 HIGH
8.6 Jul 02

Authentication bypass in Ubiquiti UniFi OS devices allows a network-adjacent attacker to abuse a path traversal flaw (CW

CVE-2026-47368 HIGH
8.6 Jun 12

Information disclosure in Ubiquiti UniFi OS devices allows unauthenticated network-adjacent attackers to read sensitive

CVE-2026-34911 HIGH
7.7 May 22

Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file

CVE-2026-55110 MEDIUM
6.1 Jul 02

Cross-site session abuse in Ubiquiti UniFi OS lets a remote attacker who lures an authenticated operator to a malicious

Share

CVE-2026-33000 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy