
Severity by source

Vendor (hackerone), primary rating: 8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

vuln.today AI: 8.6 HIGH

Network-reachable management endpoint with no auth or UI (AV:N/AC:L/PR:N/UI:N); path traversal reads files beyond the web component's authority (S:C, C:H); read-only flaw, so I:N/A:N.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS Vector (Vendor: hackerone)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: Jun 12, 2026 - 05:01 (EUVD)
Analysis Generated: Jun 12, 2026 - 03:47 (vuln.today)

Description (CVE.org)

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.

Analysis (AI)

Information disclosure in Ubiquiti UniFi OS devices allows unauthenticated network-adjacent attackers to read sensitive data via a path traversal flaw (CWE-22). The high CVSS 8.6 score reflects a scope change with high confidentiality impact, indicating that disclosed data can affect resources beyond the vulnerable component itself. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Identify reachable UniFi OS device
Delivery: Send crafted HTTP request with traversal payload
Exploit: Server resolves path outside web root
Execution: Read sensitive files (configs, credentials)
Persist: Exfiltrate disclosed data
Impact: Pivot using harvested secrets

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the UniFi OS management/web service on an affected device or UniFi OS Server instance; the description specifies "access to the network", and the CVSS vector confirms AV:N/PR:N/UI:N, so no authentication, user interaction, or special configuration is needed against a default-exposed management interface. …

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, base 8.6) describes a high-severity, easily reachable, unauthenticated read-only flaw whose impact extends beyond the vulnerable component (S:C, C:H). …

Exploit Scenario: An attacker positioned on the same network as a UniFi gateway (for example, a guest Wi-Fi client, a compromised IoT device on the LAN, or, where the management interface is internet-exposed, any remote host) sends a crafted HTTP/HTTPS request to a vulnerable UniFi OS endpoint with a path parameter containing '../' sequences. The traversal escapes the intended directory and returns the contents of sensitive files such as configuration backups, credential stores, or session/token material. …

Remediation: Patch available per vendor advisory: upgrade affected UniFi OS devices and UniFi OS Server installations to the firmware versions listed in Ubiquiti Security Advisory Bulletin 065 (https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a). Specific fix versions were not included in the supplied input and must be read from that advisory. …
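The exploit scenario above hinges on '../' segments, often percent-encoded once or twice, escaping the directory the endpoint is meant to serve. The following is an added example (not code from vuln.today or Ubiquiti) of the two defensive checks that matter here: a log scanner that flags traversal attempts in web-server access logs, and a server-side path guard that refuses any resolved path outside its root. The log lines, the `/api/files` endpoint and its `name` parameter are constructed placeholders, not real UniFi OS paths.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real UniFi OS logs); the endpoint
# /api/files and its `name` parameter are hypothetical placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - "GET /api/files?name=report.pdf HTTP/1.1" 200
10.0.0.9 - - "GET /api/files?name=../../../../etc/passwd HTTP/1.1" 200
10.0.0.9 - - "GET /api/files?name=..%2F..%2Fsettings%2Fbackup.cfg HTTP/1.1" 200
10.0.0.9 - - "GET /api/files?name=%252e%252e%252fsecrets HTTP/1.1" 200
10.0.0.7 - - "GET /api/files?name=docs/2026-01..report.txt HTTP/1.1" 200
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ "(\S+) (\S+) [^"]*" (\d{3})')
# A '..' segment: at start or after / \ = ? &, and followed by / \ or end of target.
TRAVERSAL = re.compile(r'(?:^|[\\/=?&])\.\.(?=[\\/]|$)')

def fully_decode(s, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (catches %252e double encoding)."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def is_traversal(target):
    """True if the decoded request target contains a '..' path segment."""
    return bool(TRAVERSAL.search(fully_decode(target)))

def flag_traversal(log_text):
    """Return (client_ip, request_target, status) for each traversal attempt in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m.group(3)):
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits

def resolve_within(root, user_path):
    """Server-side guard: decode and normalise user_path under root; return the absolute
    path, or None if it escapes root (a real server should also realpath() for symlinks)."""
    root = posixpath.normpath(root)
    joined = posixpath.join(root, fully_decode(user_path).replace('\\', '/').lstrip('/'))
    candidate = posixpath.normpath(joined)
    if candidate == root or candidate.startswith(root + '/'):
        return candidate
    return None
```

The fifth sample line shows why the scanner keys on '..' as a whole path segment rather than on any two dots: a legitimate filename containing '..' is not flagged.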

Recommended Action (AI)

Within 24 hours: Inventory all Ubiquiti UniFi OS deployments and document network connectivity paths to identify exposure surface. …


CVE-2026-47368 vulnerability details – vuln.today
