Auto-CTI
New · Critical · Admiralty grade A2

CVE-2026-47370: Command Injection Vulnerability in UniFi OS

Source: NVD (reliability A) · CVE-2026-47370

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

  • CVSS: 9.9
  • EPSS: 0%

Key insight

The vulnerability enables Command Injection on UniFi OS devices with only low-privilege network access, presenting elevated lateral movement risk within network infrastructure.

Description

CVE-2026-47370 is an Improper Input Validation vulnerability in UniFi OS devices that allows an attacker with network access and low privileges to perform command injection and run arbitrary code on affected devices or instances. The root cause is insufficient or missing validation of input. Organizations deploying UniFi OS-based network controllers and access points are affected. The entry's status indicates the flaw is formally documented under a CVE designation; the brief description gives no evidence of active exploitation or in-the-field deployment of an exploit.

Risk score

Risk score: 100

  • cvss base: 99.00
  • kev bonus: 0.00
  • epss bonus: 0.00
  • poc bonus: 15.00
  • raw before weight: 114.00
  • industry weight: 1.21
  • freshness factor: 1.00
  • exploitability factor: 1.00
  • days old: 0.00
  • vendor mismatch penalty: 0.00

Path: operational

MITRE ATT&CK mapping

3 TTPs

Procedure details

  • T1190 Exploit Public-Facing Application · Tactic: Initial Access · Confidence: high · Source: llm
    Procedure: A low-privileged network actor exploits an Improper Input Validation vulnerability (CVE-2026-47370) in devices running UniFi OS to gain an initial foothold.
  • T1059 Command and Scripting Interpreter · Tactic: Execution · Confidence: high · Source: llm
    Procedure: The Improper Input Validation vulnerability in UniFi OS allows a malicious actor to perform command injection, executing arbitrary commands on the affected device or instance.
  • T1068 Exploitation for Privilege Escalation · Tactic: Privilege Escalation · Confidence: medium · Source: llm
    Procedure: A low-privileged actor exploits the command injection vulnerability in UniFi OS to potentially escalate privileges beyond their initial access level on the device.