Skip to main content

UniFi OS CVE-2026-54403

| EUVDEUVD-2026-41381 HIGH
Path Traversal (CWE-22)
2026-07-02 hackerone GHSA-x73q-38h3-xg4c
8.6
CVSS 3.1 · Vendor: hackerone
Share

Severity by source

Vendor (hackerone) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vuln.today AI
8.6 HIGH

Unauthenticated network path traversal (PR:N/AC:L) bypassing auth on the OS to expose managed-device resources justifies S:C and C:H, with no stated integrity or availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (hackerone).

CVSS VectorVendor: hackerone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
Jul 02, 2026 - 16:17 EUVD
Analysis Generated
Jul 02, 2026 - 15:33 vuln.today

DescriptionCVE.org

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.

AnalysisAI

Authentication bypass in Ubiquiti UniFi OS devices allows a network-adjacent attacker to abuse a path traversal flaw (CWE-22) to reach protected functionality without valid credentials, affecting a broad hardware line including Dream Machines/Routers/Wall, Cloud Gateways/Keys, Express 7, Enterprise Fortress Gateway, and the UniFi OS Server software. The CVSS 8.6 rating is driven by an unauthenticated, low-complexity network vector combined with a scope change (S:C), meaning the compromised authentication boundary exposes managed device data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach UniFi OS management interface
Delivery
Send crafted path-traversal request
Exploit
Escape intended directory restriction
Execution
Bypass authentication check
Impact
Access protected device data/functions

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the UniFi OS device's management/web interface and a device running a vulnerable UniFi OS build; per the vendor, the actor needs 'access to the network' the device is on, so the practical prerequisite is a routable path to the management plane (LAN, adjacent VLAN, VPN, or internet exposure). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) describes a genuinely low-barrier attack: remote, no authentication, no user interaction, low complexity, with a scope change and high confidentiality impact - the classic profile of a serious auth-bypass. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with reachability to a UniFi OS device's management interface - for example on the same LAN, a guest/IoT segment that can route to it, or an internet-exposed console - sends a crafted request containing traversal sequences to a path-handling endpoint. The malformed path resolves to a protected resource, letting the attacker bypass authentication and access controller data or functionality without any credentials or user interaction. …
Remediation Patch available per vendor advisory: update every affected UniFi OS console and the UniFi OS Server to the fixed firmware/software build listed in Ubiquiti Security Advisory Bulletin 066 (https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc); exact fixed version numbers are not included in the provided data and should be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all affected Ubiquiti UniFi OS devices and implement firewall rules to restrict access to management interfaces; enable network access logging. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-34910 CRITICAL POC
10.0 May 22

Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar

CVE-2026-34909 CRITICAL POC
10.0 May 22

Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin

CVE-2026-34908 CRITICAL POC
10.0 May 22

Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur

CVE-2026-47370 CRITICAL
9.9 Jun 12

Authenticated command injection in Ubiquiti UniFi OS allows low-privileged network-adjacent attackers to execute arbitra

CVE-2026-47369 CRITICAL
9.9 Jun 12

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged attacker with network access to elevate privileges on

CVE-2026-33000 CRITICAL
9.1 May 22

Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary ope

CVE-2026-54402 HIGH
8.8 Jul 02

Command injection in Ubiquiti UniFi OS (all builds before 5.1.19) lets a low-privileged user on the same network run arb

CVE-2026-54404 HIGH
8.8 Jul 02

Privilege escalation in Ubiquiti UniFi OS allows a low-privileged, network-adjacent user to chain a series of authentica

CVE-2026-54401 HIGH
8.8 Jul 02

Privilege escalation via Server-Side Request Forgery affects Ubiquiti UniFi OS devices and the UniFi OS Server across th

CVE-2026-47368 HIGH
8.6 Jun 12

Information disclosure in Ubiquiti UniFi OS devices allows unauthenticated network-adjacent attackers to read sensitive

CVE-2026-34911 HIGH
7.7 May 22

Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file

CVE-2026-55110 MEDIUM
6.1 Jul 02

Cross-site session abuse in Ubiquiti UniFi OS lets a remote attacker who lures an authenticated operator to a malicious

Share

CVE-2026-54403 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy