Skip to content
Auto-CTI
Back to today
NEW CRITICAL A2

CVE-2026-47369 , Improper Input Validation in UniFi OS Allows Local Privilege Escalation

A NVD · · CVE-2026-47369

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key metrics

CVSS
9.9
EPSS
0%

Key insight

The vulnerability requires existing network access with low privileges and affects locally installed UniFi OS devices, not cloud-based management consoles.

Description

CVE-2026-47369 describes an improper input validation vulnerability in UniFi OS that allows an attacker with network access and low privileges to escalate privileges within UniFi OS devices or instances. The vulnerability affects specific UniFi OS versions and requires local or network-based exploitation. No information on active exploitation or publicly available exploits is currently documented; the status regarding inclusion in the CISA KEV list is not indicated.

Risk score

100
cvss base
99.00
kev bonus
0.00
epss bonus
0.00
poc bonus
15.00
raw before weight
114.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

MITRE ATT&CK mapping

2 TTPs
Recon
Resource Dev
Initial Access
Execution
T1203 Exploitation for Client Execution
Persistence
Priv. Escal.
T1068 Exploitation for Privilege Escalation
Def. Evasion
Cred. Access
Discovery
Lateral Mov.
Collection
C2
Exfiltration
Impact
Conf.: high medium low

Procedure details

Technique Tactic Procedure Conf. Source
T1068
Exploitation for Privilege Escalation
 Privilege Escalation A malicious actor with low privileges exploits an Improper Input Validation vulnerability (CVE-2026-47369) in devices running UniFi OS to escalate privileges within those devices or instances. high llm
T1203
Exploitation for Client Execution
 Execution The improper input validation vulnerability in UniFi OS devices is exploited by sending malformed or malicious input to the affected system, enabling unauthorized code execution in the context of privilege escalation. medium llm
ESC