Ubiquiti UniFi OS: 11 Critical Vulnerabilities Patched — Multiple CVSS 9.9 Command Injection, Path Traversal, SQL Injection

Ubiquiti UniFi OS: 11 Critical Vulnerabilities Patched — Multiple CVSS 9.9 Command Injection, Path Traversal, SQL Injection

CVE: Multiple — see references | CVSS Range: 7.5 – 9.9 (Critical) | Vendor: Ubiquiti | Product: UniFi OS | Key CVEs: CVE-2026-47369 (CVSS 9.9, command injection), CVE-2026-47370 (CVSS 9.9, command injection), CVE-2026-54402 (CVSS 9.9, command injection), CVE-2026-47368 (CVSS 8.6, path traversal), CVE-2026-54403 (CVSS 8.6, path traversal → auth bypass), CVE-2026-54404 (CVSS 8.8, SQL injection), plus SSRF, CORS misconfiguration, access control vulnerabilities


What Is the Vulnerability

Ubiquiti has released security updates patching 11 critical vulnerabilities in UniFi OS, including multiple maximum-severity command injection flaws. The most severe (CVE-2026-47369, CVE-2026-47370, CVE-2026-54402 — all CVSS 9.9) allow a low-privileged attacker with network access to execute arbitrary commands on the host device via improper input validation. Additional vulnerabilities include path traversal allowing data exfiltration and authentication bypass (CVE-2026-47368, CVE-2026-54403), SQL injection enabling privilege escalation (CVE-2026-54404), and SSRF (CVE-2026-54401). This is the largest single-patch Ubiquiti security release in recent memory and suggests a significant internal security audit.


Versions Affected

  • Ubiquiti UniFi OS — specific device firmware versions per Ubiquiti security advisory

These vulnerabilities affect various UniFi devices including gateways, switches, access points, and cloud keys. These are separate from the existing CISA KEV-listed UniFi vulnerabilities (CVE-2026-34908/909/910) which remain unpatched on many installations.


Exploited?

No confirmed exploitation reported at time of publication. Ubiquiti released patches proactively. However, given the severity (multiple CVSS 9.9) and the nature of command injection vulnerabilities, exploitation is expected once technical details circulate.


Fix

Ubiquiti has released firmware updates addressing all 11 vulnerabilities.

  • Primary fix: Update UniFi OS to the latest patched firmware version per Ubiquiti advisory.
  • Workaround: Restrict network access to UniFi management interfaces to trusted IPs only.

Recommendations

  • Apply firmware updates immediately: Prioritise command injection and path traversal vulnerabilities.
  • Restrict network access: Ensure UniFi management interfaces are not exposed to untrusted networks.
  • Patch existing KEV CVEs: CVE-2026-34908/909/910 remain 12 days overdue — patch them alongside these new updates.
  • Audit configurations: Review UniFi device configurations for any signs of unauthorized changes.

References


Part of the Vulnerability Intelligence series on threat-modeling.com. July 8, 2026 Report.

Connect with me

Enter your Email address if you want to connect and receive threat modeling updates (I won’t spam you or share your contact details).

AND / OR

Try my threat modeling tool, it's completely free to use.

Thanks for signing up!