CVE-2026-33000: UniFi OS Devices: Command Injection via Malicious Network Access

Summary

An attacker with high privileges and network access could inject malicious commands on UniFi OS devices, potentially leading to unauthorized system modifications or data exposure. The vulnerability affects network-connected UniFi OS devices; patch or update them to prevent exploitation, and keep monitoring and updating them regularly.

Original title
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
Original description
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
NVD CVSS 3.1: 9.1
Vulnerability type
CWE-20 Improper Input Validation
Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 22 May 2026