Severity by source
Primary rating from vendor (HackerOne): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (score 9.9)
Network-reachable agent, low-complexity injection, requires a low-privileged account (PR:L), no user interaction; command execution as the agent crosses into host/management scope with full CIA impact.
Description (CVE.org)
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
Analysis (AI)
Command injection in Ubiquiti UID Enterprise Agent allows a low-privileged attacker with network access to execute arbitrary commands on the host device by abusing improper input validation. The CVSS 9.9 score reflects a scope change with high confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | The attacker must have network reachability to the UID Enterprise Agent service and a valid low-privilege account on the agent (PR:L per CVSS), but needs neither administrative rights nor any user interaction (UI:N). … |
| Risk Assessment | All signals point to high real-world risk: the CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H scores 9.9, indicating network-reachable, low-complexity exploitation that requires only low privileges and no user interaction, with cross-scope, full-impact consequences. … |
| Exploit Scenario | An attacker who has obtained a low-privileged account on the UID Enterprise Agent - for example via a phished helpdesk credential or a reused tenant identity - connects to the agent over the network and submits a crafted request containing shell metacharacters in a field that the agent passes unsanitized into an OS command. The agent executes the injected command on the host with its own privileges, enabling the attacker to read configuration, pivot into the Ubiquiti management plane, or stage further tools. … |
| Remediation | A patch is available per the vendor advisory: consult Ubiquiti Security Advisory Bulletin 065 at https://community.ui.com/releases/Security-Advisory-Bulletin-065-065/aa46a22b-fc43-4eae-9382-6fc8feda967a for the fixed UID Enterprise Agent build and upgrade all deployed agents to that version. … |
Recommended Action (AI)
24 hours: Inventory all systems running Ubiquiti UID Enterprise Agent; assess network exposure and identify business-critical deployments. …
Same weakness: CWE-20 – Improper Input Validation
Same technique: Command Injection
Related identifiers: EUVD-2026-36379, GHSA-4fpg-88pm-v9hh