CVE-2026-48610
A NVD · · CVE-2026-48610
Admiralty grading (A–F · 1–6)
Source reliability
- A Completely reliable
- B Usually reliable
- C Fairly reliable
- D Not usually reliable
- E Unreliable
- F Cannot be judged
Information credibility
- 1 Confirmed
- 2 Probably true
- 3 Possibly true
- 4 Doubtful
- 5 Improbable
- 6 Cannot be judged
NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.
Key metrics
- CVSS
- 8.1
- EPSS
- 0%
Key insight
The vulnerability allows unauthorized network-based modification of UniFi OS device configurations without authentication.
Description
An improper access control vulnerability in UniFi OS devices allows an attacker with network access to make unauthorized changes to affected devices. The vulnerability is exploited under certain network configurations and enables compromise or manipulation of network management functions. CVE-2026-48610 is classified as a critical configuration risk because it jeopardizes the integrity of network management.
Risk score
- cvss base
- 81.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 15.00
- raw before weight
- 96.00
- industry weight
- 1.21
- freshness factor
- 1.00
- exploitability factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
Path: operational