
UID Enterprise Agent CVE-2026-47367

EUVD: EUVD-2026-36379 · CRITICAL
Improper Input Validation (CWE-20)
Published: 2026-06-12 · Source: hackerone · Advisory: GHSA-4fpg-88pm-v9hh
Score: 9.9 (CVSS 3.1) · Vendor: hackerone

Severity by source

Vendor (hackerone), primary: 9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

vuln.today AI: 9.9 CRITICAL

Network-reachable agent, low-complexity injection, requires a low-privileged account (PR:L), no user interaction; command execution as the agent crosses into host/management scope with full CIA impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (hackerone).

CVSS Vector (Vendor: hackerone)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch available: Jun 12, 2026 - 05:01 (EUVD)
Analysis generated: Jun 12, 2026 - 03:46 (vuln.today)

Description (CVE.org)

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.

Analysis (AI)

Command injection in Ubiquiti UID Enterprise Agent allows a low-privileged attacker with network access to execute arbitrary commands on the host device by abusing improper input validation. The CVSS 9.9 score reflects a scope change with high confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Obtain low-privilege agent account
Delivery: Reach UID Enterprise Agent over network
Exploit: Submit crafted input with shell metacharacters
Install: Bypass improper input validation
C2: Inject OS command into agent execution
Execute: Execute arbitrary commands on host
Impact: Pivot across scope into Ubiquiti management plane

Vulnerability Assessment (AI)

Exploitation: The attacker must have network reachability to the UID Enterprise Agent service and a valid low-privilege account on the agent (PR:L per CVSS), but does not need administrative rights or any user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: All signals point to high real-world risk: the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H scores 9.9, indicating network-reachable, low-complexity exploitation requiring only low privileges and no user interaction, with cross-scope full-impact consequences. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker who has obtained a low-privileged account on the UID Enterprise Agent (for example via a phished helpdesk credential or a reused tenant identity) connects to the agent over the network and submits a crafted request containing shell metacharacters in a field that the agent passes unsanitized into an OS command. The agent executes the injected command on the host with its own privileges, enabling the attacker to read configuration, pivot into the Ubiquiti management plane, or stage further tools. …

Remediation: A patch is available per the vendor advisory. Consult Ubiquiti Security Advisory Bulletin 065 at https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a for the fixed UID Enterprise Agent build and upgrade all deployed agents to that version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

24 hours: Inventory all systems running Ubiquiti UID Enterprise Agent; assess network exposure and identify business-critical deployments. …


CVE-2026-47367 vulnerability details – vuln.today
