UniFi hit by 15 flaws at once: cameras, door locks, routers, CVE-2026-50746
On July 2, 2026, networking brand UniFi disclosed 15 new vulnerabilities. Security cameras, door-access control, and routers are all in scope, and 6 can be exploited with no login. Earlier holes are already used in real attacks; we lay out the fixed version per product and the update steps to do first.
Table of contents
On July 2, 2026, networking brand UniFi disclosed 15 new vulnerabilities. Security cameras, door-access control, and routers are all in scope, and 6 can be exploited with no login. Earlier holes are already used in real attacks; we lay out the fixed version per product and the update steps to do first.
Update (July 2, 2026): Bulletin 066 lands 15 flaws across UniFi at once β cameras, door locks, and routers
On July 2, 2026, Ubiquiti published its official advisory "Bulletin 066," disclosing 15 vulnerabilities spanning nearly the whole UniFi brand at once. It is not just the routers and gateways at the heart of the network (UniFi OS). The list reaches security-camera management (UniFi Protect), the door and office access control that governs entry (UniFi Access), the network-management software (UniFi Network), IP phones (UniFi Talk), and store signage integration (UniFi Connect). The worst single flaw is CVE-2026-50746, whose CVSS (the Common Vulnerability Scoring System, a 0β10 measure of severity) is a perfect 10.0: an attacker can push arbitrary commands to the device with no login at all.
Of the 15, 6 need no login (unauthenticated) to exploit, and the rest use "a low-privileged user who can reach the network" as a foothold to take over the device or steal data. One relief is that Ubiquiti has a fix for all 15. But the holes disclosed earlier (Bulletin 064/065, covered below) are already on the US CISA's list of vulnerabilities exploited in real attacks (KEV) and are being targeted right now. UniFi is very much in attackers' sights, so treat these 15 on a "once it's public, it's fast" footing.
β Confirmed facts
- βOn July 2, 2026, Ubiquiti disclosed 15 vulnerabilities in UniFi-related products in Bulletin 066 (Ubiquiti Community)
- βThe worst is CVE-2026-50746 (UniFi Connect, CVSS 10.0, arbitrary command execution with no authentication)
- βAll 15 have fixes available; 6 of them are exploitable without authentication (per each CVE's NVD entry)
? Unconfirmed
- ?For these 15, no CISA KEV listing or real-world exploitation has been confirmed as of writing (the three earlier flaws are already on KEV)
- ?Each CVSS was assigned by Ubiquiti (via HackerOne); NVD's own re-assessment is not yet available as of writing
An attacker who can reach the management interface over the network β anyone in the world if the interface is exposed to the internet, or an insider who slips onto the office LAN or a store's free Wi-Fi β can hit some of these 15 with no login. No username or password required.
And it is not only the network's front door at stake. An attacker may be able to peek at security-camera footage, or reach into access control to touch unlock records and door operation. Because UniFi bundles networking, video, and physical security into one system, a takeover puts far more at risk.
For the people who use these services, it means camera footage, communications, and entry logs for a home or office can end up in someone else's hands. For the companies that run them, it means losing trust in the network backbone and the physical security setup at the same time. Fixes are in "What to do about these 15 right now" just below, and in the shared mitigations later in this article.
Here are the 15 flaws in Bulletin 066, organized by product. Rows where authentication is "None" are the ones exploitable without a login, so watch those most closely.
| Product | CVE | CVSS | Auth | Issue |
|---|---|---|---|---|
| UniFi Connect | CVE-2026-50746 | 10.0 | None | Command injection to arbitrary code execution |
| UniFi OS | CVE-2026-54402 | 9.9 | Low | Command injection to arbitrary commands |
| UniFi OS | CVE-2026-55116 | 9.0 | None | Access-control flaw to alter device settings |
| UniFi OS | CVE-2026-54404 | 8.8 | Low | SQL injection to privilege escalation |
| UniFi OS | CVE-2026-54403 | 8.6 | None | Path traversal to bypass login |
| UniFi Protect | CVE-2026-55115 | 9.9 | Low | SSRF to seize host privileges |
| UniFi Protect | CVE-2026-56841 | 8.8 | Low | SQL injection to privilege escalation |
| UniFi Protect | CVE-2026-54407 | 8.6 | None | API authentication bypass |
| UniFi Protect | CVE-2026-54408 | 8.6 | None | Video-stream authentication bypass |
| UniFi Access | CVE-2026-50748 | 9.9 | Low | Command injection to arbitrary commands |
| UniFi Access | CVE-2026-54400 | 9.1 | High | Access-control flaw to privilege escalation |
| UniFi Access | CVE-2026-55117 | 8.6 | None | Path traversal to read device files |
| UniFi Network | CVE-2026-55114 | 8.8 | Low | Access-control flaw to privilege escalation |
| UniFi Network | CVE-2026-54406 | 8.7 | High | Path traversal to seize write access |
| UniFi Talk | CVE-2026-50747 | 9.9 | Low | SQL injection to privilege escalation |
CVE-2026-50746: UniFi Connect, takeover with no authentication (CVSS 10.0)
UniFi Connect is the app that runs store and office digital signage (electronic display boards) and TV screens under UniFi's management. A weak input check here lets an attacker run arbitrary commands with no login at all. It is command injection (slipping unexpected commands into the device so it runs them) and the only perfect 10.0 among the 15. The fix is 3.4.20; everything below it is affected.
UniFi OS (the router/gateway core): four flaws
UniFi OS is the base software that runs the network's central devices β Dream Machine, Cloud Gateway, Enterprise Fortress Gateway, and more. There are four here: low-privilege command injection (CVE-2026-54402, CVSS 9.9), an unauthenticated access-control flaw that lets settings be rewritten (CVE-2026-55116, 9.0), SQL injection to privilege escalation (CVE-2026-54404), and an unauthenticated path traversal that bypasses login (CVE-2026-54403). The fix for all is UniFi OS 5.1.19. Even devices you updated for Bulletin 064/065 need to be bumped once more to 5.1.19.
UniFi Protect (camera management): four flaws
UniFi Protect is the app for recording and viewing security-camera footage. An unauthenticated API authentication bypass (CVE-2026-54407) and a video-stream authentication bypass (CVE-2026-54408) both open a door for someone not logged in to reach footage or features. On top of that are a low-privilege SSRF that pivots through the server (CVE-2026-55115, CVSS 9.9) and SQL injection (CVE-2026-56841). The fix is 7.1.83. A camera installed for security turning into a peephole is what makes this group so serious.
UniFi Access (entry control): three flaws
UniFi Access electronically manages office doors and building entry. Alongside low-privilege command injection (CVE-2026-50748, CVSS 9.9) and a high-privilege abuse leading to privilege escalation (CVE-2026-54400, 9.1), an unauthenticated path traversal can read files on the device (CVE-2026-55117). When a software hole opens in a physical lock system, the worries are theft of unlock records and knock-on effects on door control. The fix is 4.2.29.
UniFi Network and Talk, too
The UniFi Network Application (network management) has two: low-privilege privilege escalation (CVE-2026-55114) and path traversal that seizes write access (CVE-2026-54406); the fix is 10.4.57. The IP-phone service UniFi Talk has a low-privilege SQL injection leading to privilege escalation (CVE-2026-50747, CVSS 9.9), fixed in 5.2.2.
Fixed-version quick reference (Bulletin 066)
The version to fix on differs per product this time. Check each UniFi product you run against the table below.
| Product | Role | Fixed version |
|---|---|---|
| UniFi Connect | Signage integration | 3.4.20 or later |
| UniFi OS | Router / gateway core | 5.1.19 or later |
| UniFi Protect | Camera management | 7.1.83 or later |
| UniFi Access | Entry control | 4.2.29 or later |
| UniFi Network Application | Network management | 10.4.57 or later |
| UniFi Talk | IP phones | 5.2.2 or later |
Exact versions are updated on the official advisory (Bulletin 066).
What to do about these 15 right now
Immediate steps
- 1.List the UniFi products you use (OS core / Protect / Access / Network / Talk / Connect) and update each to at least the fixed version in the table above
- 2.Because 6 flaws are exploitable without a login, cut off internet exposure of the management interface and each app (see "Interim mitigations to apply at minimum" later in this article)
- 3.If you have not yet updated for the earlier round (Bulletin 064/065) and rotated your secrets, do that at the same time
The earlier timeline β three CVSS 10.0 flaws in May's Bulletin 064, four more in June's Bulletin 065, and three of those confirmed by CISA as "exploited in the wild" β continues below. What UniFi is, what happens when it is taken over, and the shared mitigations are all explained in the sections that follow.
Update (June 24, 2026): CISA confirms active exploitation; an unauthenticated root-takeover chain goes public
There is a major follow-up to the three flaws disclosed in May (CVE-2026-34908 / 34909 / 34910, all at the maximum CVSS 10.0). On June 24, 2026, the US agency CISA added them to its list of vulnerabilities known to be exploited in real attacks (KEV). On top of that, security firm Bishop Fox published both the full attack sequence β chaining the three to seize the device's highest privilege (root, full control beyond admin) with no login β and a free tool to check whether you are affected. Treat this as a step up from "dangerous in theory" to "actively being targeted."
KEV (Known Exploited Vulnerabilities) is the official list, maintained by the US Cybersecurity and Infrastructure Security Agency (CISA), of flaws confirmed used in real attacks. A listing means the issue is escalated to "patch now," on the assumption that attackers are already using the hole. You can also search the listing status on the CISA KEV dashboard.
β Confirmed facts
- βCISA added the three (34908 / 34909 / 34910) to the KEV catalog (CISA KEV)
- βChaining the three yields unauthenticated remote code execution as root; Bishop Fox validated it on a UniFi OS Server 5.0.6 instance (Bishop Fox)
- βExploitable in low-complexity attacks; originally reported via the HackerOne bug-bounty program (BleepingComputer)
? Unconfirmed
- ?Ubiquiti has not stated whether any breach occurred before disclosure
- ?No specific attacker group or victim organization has been reported as of this writing
Any attacker who can reach the device's IP address over the network can launch this chain without any login ID or password. If the management interface is exposed to the internet, it can be targeted by anyone in the world.
What the attacker does here is seize the device's highest privilege (root) and take over the very core of the network. Once root is taken, the secrets stored on the device become visible, forged admin sessions that survive patching can be created, and in deployments where UniFi also runs cameras and door access, even physical equipment can be operated.
End users have all their corporate or home traffic watched, and the operating organization loses trust in its network foundation itself. The especially nasty part: patching alone does not evict an attacker who is already in (as below, you also need to rotate secrets).
How the "three-stage chain" reaches root without authentication
According to Bishop Fox's analysis, the attack flows as follows. First, CVE-2026-34908 (improper access control) and CVE-2026-34909 (path traversal) bypass login authentication and reach underlying files and accounts. Then CVE-2026-34910 (command injection) makes the device run arbitrary commands and seizes the highest privilege.
At the root of it is an interpretation mismatch: the component that decides authentication looks at the "raw URL (raw URI)," while the internal web server (nginx) routes based on the "normalized URL." Furthermore, the injected commands run under a high-privilege service account that can perform some system operations without a password, making escalation to root easy. Bishop Fox says it confirmed it could obtain a root shell on a 5.0.6 instance with no credentials.
What to do right now
The response is two-stage: "update" plus "cleanup." Patching is not the end of it.
Immediate steps
- 1.Update UniFi OS Server to 5.0.8 or later (unifi-core 5.0.153); for appliances, update to at least the versions in the table below
- 2.Do not stop at patching. If already compromised, the attacker stays, so rotate secrets β admin passwords, API keys, and various tokens
- 3.Use Bishop Fox's free detection script to safely check whether your device is affected
- 4.Cut off internet exposure of the management interface (see "Interim mitigations" below)
The affected versions and fixes for the three now-KEV-listed flaws are as follows.
| Product | Affected | Fixed |
|---|---|---|
| UniFi OS Server | < 5.0.8 | 5.0.8+ (unifi-core 5.0.153) |
| UDM / UDM-Pro / UDM-SE / UDM-Pro-Max | < 5.1.12 | 5.1.12+ |
| UDM-Beast | < 5.1.11 | 5.1.11+ |
| EFG / UDW / UDR / UDR7 / UDR-5G / Express 7 / UNVR | < 5.1.12 | 5.1.12+ |
| Express | < 4.0.14 | 4.0.14+ |
Exact versions per model are kept up to date in the official advisory (Bulletin 064). Note that the separate four flaws disclosed in June's Bulletin 065 (below) are not KEV-listed as of this writing. Below, we walk through the five flaws first disclosed, the June follow-up, and the mitigations common to all of them.
Networking gear maker Ubiquiti has disclosed five vulnerabilities in its "UniFi OS". Three of them carry the maximum CVSS score of 10.0, and the other two land at 7.7 and 9.1 β extremely severe across the board. Without any login, attackers can hijack the routers and access points that sit in the middle of corporate and home networks.
UniFi is a series of business / SOHO networking products from Ubiquiti, Inc. According to Ubiquiti Japan (UI Japan)'s official note, the appeal is "no licensing fees" and "all-in-one management" β routers, switches, wireless APs, and surveillance cameras all run from a single dashboard. In Japan, Sonet Corporation is the official distributor, with SIers such as Hirano Tsushin Kizai and Amiya handling sales β and the brand is firmly established among cost-conscious SMBs, startups, cafes, and coworking spaces.
The issues are disclosed in official advisory "Bulletin 064", dated May 21, 2026. The fact that three of them β CVE-2026-34908, 34909, and 34910 β are all CVSS 10.0 with no authentication required shows just how comprehensively UniFi OS's security guardrails have collapsed.
June 2026 update: Bulletin 065 adds four more, this time requiring low privileges
On June 12, 2026, Ubiquiti published a follow-up advisory, "Bulletin 065", disclosing four new vulnerabilities in UniFi OS and the "UID Enterprise Agent" management software. Where May's Bulletin 064 was "CVSS 10.0 with no login required," three of these four now require a low-privileged user who can reach the device over the network β but in exchange they bring high-risk classes like command injection (forcing the device to run arbitrary commands) and privilege escalation. Even devices already patched for 064 must be raised once more to the 065 fixed releases.
| CVE ID | CVSS | Auth | Type |
|---|---|---|---|
| CVE-2026-47369 | 9.9 | Low priv | Privilege escalation within UniFi OS |
| CVE-2026-47370 | 9.9 | Low priv | Command injection, arbitrary commands |
| CVE-2026-47367 | 9.9 | Low priv | Command injection in UID Enterprise Agent |
| CVE-2026-47368 | 8.6 | None | Path traversal, data theft from device |
CVE-2026-34908 (CVSS 10.0): unauthenticated system modification
An improper access control flaw lets an attacker on the network change system settings without any login. With no credentials required and a perfect 10.0 score, this is the headline flaw of Bulletin 064 and the one to patch first.
CVE-2026-34909 (CVSS 10.0): path traversal to account takeover
A path traversal weakness lets an unauthenticated attacker read files they should never reach, including the data needed to hijack an administrator account. Reading the wrong file here ends in full account takeover.
CVE-2026-34910 (CVSS 10.0): command injection to remote code execution
Command injection without authentication means an attacker can run their own commands on the device over the network. This is the cleanest path from "on the same network" to "running code on your router."
CVE-2026-33000 (CVSS 9.1): command injection requiring admin rights
This command injection flaw needs high (administrator) privileges first, so it matters most as a way to deepen an existing foothold or for a rogue insider, rather than as a first-strike entry point.
CVE-2026-34911 (CVSS 7.7): path traversal with low privileges
A low-privileged user can use this path traversal flaw to reach restricted files. It is the least severe of the five, but combined with the others it widens what a limited account can see.
CVE-2026-47369 (CVSS 9.9): a low-privileged user seizes admin rights
An improper input validation flaw lets a low-privileged user who can reach the device escalate to higher privileges inside UniFi OS. The danger is that an ordinary employee account β or anyone who can touch the device via a guest network β can reach administrator-level operations.
CVE-2026-47370 (CVSS 9.9): command injection from low privileges
This flaw lets a low-privileged attacker push arbitrary commands into a device running UniFi OS. Command injection is the gateway to taking over the device itself β the same lethal class as 064's CVE-2026-34910. The only saving grace this time is that it requires low privileges rather than no authentication.
CVE-2026-47367 (CVSS 9.9): command injection in the UID Enterprise Agent
The UID Enterprise Agent is the resident software that runs Ubiquiti's enterprise identity platform "UID" on the host side. Abusing its input-validation gap allows arbitrary command execution on the host running the agent. Organizations using UID must update this agent in addition to UniFi OS itself.
CVE-2026-47368 (CVSS 8.6): unauthenticated data theft from the device
This is the only one of the four that needs no authentication. Via path traversal (walking back up the path to reach files that should be off-limits), anyone who can reach the device over the network can read data out of it. But it cannot alter or destroy anything β the impact is limited to data exfiltration, which is why it lands at 8.6. Compared with 064's CVE-2026-34909 (the same path traversal at 10.0, which reached "grab a file, then take over the account"), the impact stops one step short.
Affected versions span a wide range of UniFi OS 5.1.12 and earlier models (UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDR, UDR7, UCK, UCKP, the UNVR series, UCG-Ultra, UCG-Max, and more), plus UniFi OS Server 5.0.08 and earlier and UDM-Beast 5.1.11 and earlier. Fixed releases are UniFi OS 5.1.15 or later (UNAS devices 5.1.16+, UniFi Express 4.0.15+). Even if you updated for 064, confirm in the dashboard that your current version is 5.1.15 or higher. As of this writing (June 12, 2026), none of these four has confirmed in-the-wild exploitation or a CISA KEV listing β this is a "second round" that ranks one notch below May's 10.0-class flaws. The update steps and interim mitigations in the "Affected products and fixes" and "Interim mitigations" sections below apply unchanged.
What UniFi is
UniFi is a package that covers your company's entire network with hardware from a single vendor. Key products that run on the same management surface (UniFi OS) include:
Headliners are the UniFi Dream Machine (UDM) all-in-one gateway, the UniFi Cloud Key small management server, the UniFi OS Console management appliance, various UniFi Switch models, and UniFi Access Point (AP) radios. Seeing all of them from a single pane of glass is the "UniFi way", and it has earned a reputation as easy to operate even in small offices without a dedicated IT staffer.
In Japan, as the Zenn article billing it as "the optimal answer for small venture office networks" shows, many engineers also deploy UniFi at home or in their own startup office. For roughly 50,000β100,000 yen, you get an "enterprise-flavored" network β a price point that also resonates with tech-leaning individual users.
And UniFi OS is the software in the middle of your network. Every internal communication passes through it. Hijack it, and everything beneath becomes visible to the attacker β that is the essence of today's vulnerabilities.
The five vulnerabilities
The disclosures in Bulletin 064 are:
| CVE ID | CVSS | Auth | Type |
|---|---|---|---|
| CVE-2026-34908 | 10.0 | None | Improper access control β system modification |
| CVE-2026-34909 | 10.0 | None | Path traversal β file read β account takeover |
| CVE-2026-34910 | 10.0 | None | Command injection β arbitrary code execution |
| CVE-2026-33000 | 9.1 | High | Command injection (via admin privileges) |
| CVE-2026-34911 | 7.7 | Low | Path traversal β restricted file access |
The first three (CVSS 10.0) share a common condition: "network reachability is enough β no authentication needed". Having a UniFi management port simply sitting on the corporate network is sufficient for the attack to land. In particular, CVE-2026-34910 β a command injection β is a critical-class flaw that lets an attacker run arbitrary commands on the UniFi device itself.
What happens when the attack succeeds
A hijacked UniFi OS hands the attacker control of the entire network below. Concrete scenarios:
Realistic damage scenarios
- βΈTraffic interception: web browsing, email, chat β all internal communication becomes visible to the attacker.
- βΈDNS rewriting: redirect access from legitimate sites to phishing sites and harvest credentials.
- βΈVPN tampering: drop in an attacker-controlled VPN tunnel and keep persistent access to the corporate network.
- βΈFirewall disablement: open the path for direct attacks against internal endpoints.
- βΈCamera spying: surveillance footage from UniFi Protect cameras leaks out.
- βΈBotnet enrollment: use the UniFi device itself as a relay to attack other companies.
The hard part is that network device compromises are hard to notice. PC malware trips antivirus, but an attacker quietly intercepting traffic inside a router or switch is essentially invisible from the endpoints. Cases of "we just realized our internal communications had been siphoned for six months" are entirely plausible in this category.
Home users running UniFi are in the same boat. Family PCs, smartphones, and smart home devices β all their traffic becomes visible to the attacker. Tech-loving individual users cannot consider this someone else's problem.
Affected products and fixes
The advisory covers any product running "UniFi OS". UniFi OS is the common platform underneath Ubiquiti's management appliances, and runs on the following representative products:
| Product category | Representative models |
|---|---|
| All-in-one gateway | UniFi Dream Machine (UDM) / UDM Pro / UDM SE / UDR |
| Management console | UniFi Cloud Key Gen2 Plus / UniFi OS Console / UNVR-Pro |
| Routers | UniFi Express / UCG-Ultra / UniFi Cloud Gateway |
The remediation is straightforward: update UniFi OS to the latest version. Use one of the following paths:
How to update
- 1.Log in to the UniFi dashboard (
https://<device-IP>orunifi.ui.com). - 2.Open "Settings β System β Updates".
- 3.If a new UniFi OS build is listed, apply it.
- 4.Also check firmware for downstream switches, APs, and Protect cameras.
If automatic updates are enabled, the new firmware may already be deployed. Verify that the "UniFi OS Version" shown on the dashboard is at or above the fixed version listed in Bulletin 064. Specific version numbers are updated on Ubiquiti's official advisory page.
Interim mitigations to apply at minimum
Until the patch is applied β and for longer-term risk reduction β the following settings are recommended:
Recommended additional configuration
- βΈBlock management console exposure to the internet: configurations that let the UniFi dashboard be reached from the router's WAN side are dangerous. Disable WAN management and restrict to internal LAN / VPN.
- βΈReconsider UniFi Site Manager (cloud management): if you don't need to manage the network while traveling, disable the Site Manager link and keep management local.
- βΈEnable 2FA on admin accounts: it does not block direct exploitation, but it lowers the risk for any auth-dependent attack paths.
- βΈAudit your logs: review past activity for suspicious "settings change", "user added", and "firmware overwritten" events.
The WAN-side dashboard exposure in particular has been a recurring root cause of UniFi compromises in the past. If you don't know who turned on "Allow Remote Access" or when, turning it off is the right move until you do.
Ubiquiti has been a target before
Thanks to their value-for-money pricing and broad install base, Ubiquiti products have long been an appealing target for attackers.
In 2021, a major credential exposure incident around the UniFi Cloud functionality led Ubiquiti to urge customers to change their passwords. From 2022 onward, high-severity flaws have surfaced intermittently in UniFi Dream Machine, UniFi Protect (camera management), and the UniFi Network Application. Even earlier in 2026, before today's batch, CVE-2026-22557 (path traversal) and CVE-2026-22558 (privilege escalation) were already on the books.
This is not "Ubiquiti is uniquely buggy". It should be read as a problem common to the entire network device category. Vulnerabilities in Cisco, Fortinet, Pulse Secure, and similar products have become primary entry vectors for APT (nation-state) and ransomware groups in recent years. The attacker's gaze rests on home, SOHO, and mid-market networks alike.
Conversely, a vendor publishing advisories on a regular cadence is a healthy state of affairs. The real question is whether the user side has the awareness and operational muscle to act on those advisories quickly.
Closing thoughts
Three CVSS 10.0 vulnerabilities in a single advisory, all exploitable remotely without authentication, is about as bad a package as a networking-gear security disclosure can get. Ubiquiti has done its part by publishing Bulletin 064 clearly, but if user-side updates do not catch up, this lines up directly with real-world compromises.
Teams operating UniFi in small offices, and engineers running UniFi at home β log in to the dashboard now and check your version. Even if you have automatic updates enabled, visually confirming that the patch landed is worthwhile. "UniFi: set it and forget it" is the selling point, which is exactly why undoing the "forget" is a job for tonight.
References
- βΈ Ubiquiti Community - Security Advisory Bulletin 066 (July 2, 2026, 15 new flaws)
- βΈ NVD - CVE-2026-50746 (UniFi Connect, unauthenticated command injection, CVSS 10.0)
- βΈ CISA - Known Exploited Vulnerabilities Catalog (KEV)
- βΈ Bishop Fox - Popping Root on UniFi OS Server: Unauthenticated RCE Chain
- βΈ GitHub - BishopFox/CVE-2026-34908-check (free detection script)
- βΈ BleepingComputer - Critical UniFi OS bug lets hackers gain root without authentication
- βΈ Ubiquiti Community - Security Advisory Bulletin 064
- βΈ Ubiquiti Community - Security Advisory Bulletin 065 (June 2026 follow-up)
- βΈ NVD - CVE-2026-47369 (privilege escalation, CVSS 9.9)
- βΈ NVD - CVE-2026-47370 (command injection, CVSS 9.9)
- βΈ NVD - CVE-2026-47367 (UID Enterprise Agent, CVSS 9.9)
- βΈ NVD - CVE-2026-47368 (path traversal, CVSS 8.6)
- βΈ NVD - CVE-2026-34908 (Improper access control, CVSS 10.0)
- βΈ NVD - CVE-2026-34909 (Path traversal, CVSS 10.0)
- βΈ NVD - CVE-2026-34910 (Command injection, CVSS 10.0)
- βΈ NVD - CVE-2026-33000 (Command injection, CVSS 9.1)
- βΈ NVD - CVE-2026-34911 (Path traversal, CVSS 7.7)
- βΈ Ubiquiti Japan - What is UniFi? (deep dive)
- βΈ Ubiquiti Japan official site
Check CISA KEV Registration Status
The CISA Known Exploited Vulnerabilities (KEV) catalog is the U.S. government's authoritative list of CVEs confirmed as actively exploited in the wild. Look up the CVEs covered in this article using our Japanese-language dashboard.
Check on the CISA KEV Dashboard β
Makoto Horikawa
Backend Engineer / AWS / Django