EUVD-2026-31385
GHSA-3ggx-cv4j-6p7j
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
AnalysisAI
Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary operating system commands by abusing improperly validated input. The flaw carries a critical CVSS 9.1 score with scope change, indicating successful exploitation can break out of the originating security context, though no public exploit identified at time of analysis.
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Ubiquiti UniFi OS deployments, document firmware versions, and assess network exposure. No public exploit has been identified at time of analysis, though this does not reduce urgency given critical severity. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file
Share
External POC / Exploit Code
Leaving vuln.today