ZeroPath at Black Hat USA 2026

Quick Look: CVE-2026-47370 Command Injection in Ubiquiti UniFi OS (CVSS 9.9)

A brief summary of CVE-2026-47370, a CVSS 9.9 command injection vulnerability in Ubiquiti UniFi OS that allows low privileged network attackers to hijack host devices. Includes patch information and affected version details across the full UniFi hardware console line.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-06-11

Quick Look: CVE-2026-47370 Command Injection in Ubiquiti UniFi OS (CVSS 9.9)
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A low privileged user on the network can inject arbitrary commands into Ubiquiti UniFi OS devices and take complete control of the host, spanning every Cloud Gateway, Dream Machine, UNVR, and self hosted UniFi OS Server in the product line. CVE-2026-47370 carries a CVSS score of 9.9 and is one of three near maximum severity flaws disclosed in Ubiquiti's Security Advisory Bulletin 065, arriving just three weeks after Bulletin 064 delivered three perfect 10.0 CVSS vulnerabilities in the same platform.

Technical Information

Root Cause: CWE-20 Improper Input Validation

CVE-2026-47370 is classified under CWE-20 (Improper Input Validation). The UniFi OS fails to properly validate or sanitize certain inputs before incorporating them into a system command execution context. This allows an attacker to inject and execute arbitrary operating system commands on the underlying device.

The NVD description states: "A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances."

Attack Prerequisites

The exploitation requirements are notably minimal:

PrerequisiteDetail
Network accessThe attacker must be able to reach the UniFi OS device over the network
Low privilegesOnly low level privileges are required; administrative access is not needed

This low privilege threshold is a meaningful distinction from the related CVE-2026-34910 in Bulletin 064, which required high privileges for its command injection. That earlier flaw was still devastating because Bishop Fox demonstrated it could be chained with CVE-2026-34908 (an authentication bypass) to eliminate the privilege requirement entirely. CVE-2026-47370 starts from a lower baseline, meaning it may be directly exploitable without needing an authentication bypass precursor.

Impact: Full Host Takeover

SecurityOnline characterizes the impact of CVE-2026-47370 as enabling an attacker to "completely hijack the host device, granting them absolute control over network operations." The CVSS 9.9 score reflects severe impacts across confidentiality, integrity, and availability. On a compromised UniFi OS device, this means control over routing, firewall rules, VPN configurations, and potentially lateral access to the entire managed network.

Chaining Potential Within Bulletin 065

CVE-2026-47370 does not exist in isolation. Bulletin 065 addresses five vulnerabilities across UniFi OS and the UID Enterprise Agent:

CVETypeCVSSAffected ProductPatch Version
CVE-2026-47367Command Injection9.9UID Enterprise Agent1.61.4
CVE-2026-47368Path TraversalHighUniFi OS5.1.15
CVE-2026-47369Privilege Escalation9.9UniFi OS5.1.15
CVE-2026-47370Command Injection / Host Hijack9.9UniFi OS5.1.15
CVE-2026-48610Improper Access ControlNot specifiedUniFi OS5.1.15

The combination of command injection, privilege escalation, path traversal, and improper access control within a single advisory raises serious chaining concerns. CVE-2026-47370 could potentially be combined with CVE-2026-47368 (path traversal) or CVE-2026-47369 (privilege escalation) to amplify impact beyond what any single flaw achieves alone.

Lessons from Bulletin 064: Chaining Is Not Theoretical

Bishop Fox security researcher John Sim published a detailed technical analysis of the Bulletin 064 vulnerabilities demonstrating that CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 could be chained into a single HTTP request that achieved unauthenticated root shell access. The chain worked as follows:

  1. Authentication bypass (CVE-2026-34908): Nginx's authentication gateway compared the raw URI against a public route prefix while routing based on a normalized URI, allowing bypass via encoded traversal sequences.
  2. Path traversal (CVE-2026-34909): The traversal reached internal endpoints not intended to be externally accessible.
  3. Command injection (CVE-2026-34910): The package-update endpoint interpolated an attacker supplied package name verbatim into a shell command via an sh -c wrapper without sanitization.

While the specific code path for CVE-2026-47370 has not been publicly detailed, the structural parallels with Bulletin 064's command injection (unsanitized input reaching a system command interface in the same operating system) suggest a similar pattern. The specific component, whether it is the same package-update / ulp-go component or a different one, remains unknown.

Post Exploitation Considerations

Bishop Fox's analysis of Bulletin 064 revealed that root access on UniFi OS exposes the JWT signing key stored in jwt.yaml. Because UniFi uses symmetric HS256 signing without algorithm pinning, an attacker with this key can forge valid admin session tokens that survive patching. This finding, while specific to Bulletin 064, is directly relevant: any UniFi OS device compromised via CVE-2026-47370 before patching should be assumed to have had its cryptographic material exfiltrated.

Patch Information

Ubiquiti has addressed CVE-2026-47370 through firmware updates documented in Security Advisory Bulletin 065, published on June 10, 2026. The vulnerability was credited to security researcher Brandon Rossi and reported through HackerOne.

The patch introduces improved input validation to neutralize the command injection attack vector. Because this vulnerability resides in Ubiquiti's proprietary UniFi OS firmware, the fix is delivered as closed source firmware updates with no source level code diffs or commits publicly available.

The fixed firmware versions differ by device family, which is important because Ubiquiti ships distinct firmware builds per hardware line:

Device FamilyExamplesFixed VersionVulnerable Versions
Most UniFi OS devicesUDM, UDM Pro, UDM SE, UDM Pro Max, EFG, UDW, UDR, UDR7, UDR 5G, Express 7, UCK, UCKP, UCK Enterprise, UNVR, UNVR Pro, UNVR Instant, ENVR, ENVR Core, UNVR G2, UNVR G2 Pro, UCG Ultra, UCG Max, UCG Industrial, UCG FiberUniFi OS 5.1.15 or later5.1.12 and earlier
UDM BeastUDM BeastUniFi OS 5.1.15 or later5.1.11 and earlier
UniFi OS ServerSelf hostedVersion 5.1.15 or later5.0.8 and earlier
UNAS devicesUNAS 2, UNAS 4, UNAS Pro, UNAS Pro 4, UNAS Pro 8UniFi OS 5.1.16 or later5.1.10 and earlier
ExpressExpressUniFi OS 4.0.15 or later4.0.14 and earlier

Note the UNAS line requires version 5.1.16 (not 5.1.15), and the Express line follows its own versioning scheme (4.x rather than 5.x). These differences stem from divergent firmware build pipelines across hardware platforms.

Ubiquiti has published individual firmware release pages for each affected product family, all linked from Bulletin 065. Updates are available through the standard Ubiquiti firmware update channels.

Post patch actions for previously exposed systems: Any system that was network accessible and unpatched before the Bulletin 065 release should be treated as potentially compromised. Given the demonstrated ability (from Bulletin 064 research) of attackers to exfiltrate JWT signing keys and forge persistent admin sessions from compromised UniFi OS devices, organizations should perform full credential rotation, session invalidation, and forensic review after applying the update.

Additionally, the UID Enterprise Agent should be updated to version 1.61.4 or later to address CVE-2026-47367. Applying only the UniFi OS update without updating the Enterprise Agent leaves that separate command injection vulnerability unaddressed.

Affected Systems and Versions

CVE-2026-47370 affects the entire UniFi hardware console line running UniFi OS. The specific vulnerable version ranges are:

UniFi OS 5.x devices (most of the product line):

  • UDM, UDM Pro, UDM SE, UDM Pro Max: versions 5.1.12 and earlier
  • UDM Beast: versions 5.1.11 and earlier
  • Enterprise Fortress Gateway (EFG), UDW: versions 5.1.12 and earlier
  • UDR, UDR7, UDR 5G: versions 5.1.12 and earlier
  • Express 7: versions 5.1.12 and earlier
  • UCK, UCKP, UCK Enterprise (Cloud Keys): versions 5.1.12 and earlier
  • UNVR, UNVR Pro, UNVR Instant, UNVR G2, UNVR G2 Pro: versions 5.1.12 and earlier
  • ENVR, ENVR Core: versions 5.1.12 and earlier
  • UCG Ultra, UCG Max, UCG Industrial, UCG Fiber (Cloud Gateways): versions 5.1.12 and earlier

UNAS devices:

  • UNAS 2, UNAS 4, UNAS Pro, UNAS Pro 4, UNAS Pro 8: versions 5.1.10 and earlier

Express:

  • Express: versions 4.0.14 and earlier

UniFi OS Server (self hosted):

  • Versions 5.0.8 and earlier

Vendor Security History

Ubiquiti's recent security track record shows a pattern of critical vulnerabilities concentrated in the UniFi OS platform over a short timeframe:

AdvisoryDateCVEsSeverityVulnerability Types
UniFi Network AppMarch 2026CVE-2026-22557, CVE-2026-22558CVSS 10.0, HighPath traversal, NoSQL injection
Bulletin 064May 21, 2026CVE-2026-34908, 34909, 34910, 349113x CVSS 10.0, 1x CVSS 7.7Improper access control, path traversal, command injection
Bulletin 065June 10, 2026CVE-2026-47367, 47368, 47369, 47370, 486103x CVSS 9.9Command injection, privilege escalation, path traversal, improper access control

Three critical advisories within a three month window, each containing maximum or near maximum severity vulnerabilities exploitable remotely, points to a systemic weakness in how UniFi OS handles input sanitization across its components rather than isolated coding errors. The recurring vulnerability types (improper input validation leading to command injection, path traversal enabling further access, privilege escalation) suggest these issues share common architectural roots.

Ubiquiti operates a coordinated vulnerability disclosure program through HackerOne, which is a positive security practice. However, the frequency and severity of recent disclosures indicates the platform's security architecture requires deeper investment in secure development practices, particularly around input validation and command execution paths.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization