UniFi OS Improper Input Validation Vulnerability Leading to Command Injection

Vulnerability

A vulnerability allowing command injection has been identified in UniFi OS devices. This issue arises from improper input validation, and can be exploited by a malicious actor with high privileges and access to the network.

Impact

Exploitation of this vulnerability allows for command injection, where an attacker can execute arbitrary commands on the affected device.

Added: May 22, 2026, 2:21 AM

Updated: May 22, 2026, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

3.0

remediation

0.0

relevance

9.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

3.0

remediation

0.0

relevance

9.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UniFi OS Improper Input Validation Vulnerability Leading to Command Injection

Vulnerability

Impact

Affected Products

Ubiquiti UniFi OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating