CVE-2026-47368, Path Traversal Vulnerability in UniFi OS
A NVD · · CVE-2026-47368
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key metrics
- CVSS: 8.6
- EPSS: 0%
Key insight
The vulnerability lets an attacker on the internal network steal data directly from UniFi devices without authenticating.
Description
CVE-2026-47368 is a path traversal vulnerability in UniFi OS that lets an attacker who has network access obtain sensitive data or compromise devices. The vulnerability affects certain UniFi OS versions and requires a position on the internal network; remote Internet-based exploitation is not indicated. The CVSS score and the specific attack scenarios depend on the UniFi network topology and on whether authentication bypass is possible. Patches or mitigations from Ubiquiti should be reviewed promptly.
Risk score
- cvss base: 86.00
- kev bonus: 0.00
- epss bonus: 0.00
- poc bonus: 15.00
- raw before weight: 101.00
- industry weight: 1.21
- freshness factor: 1.00
- exploitability factor: 1.00
- days old: 0.00
- vendor mismatch penalty: 0.00
Path: operational