CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-33000

CVSS 9.1v3.1pub. 2026-05-22upd. 2026-06-24

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Ui Unifi Os Server

    APP
    Ui
    < 5.0.8
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-34908CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Nieprawidłowa kontrola dostępu w UniFi OS — nieautoryzowane zmiany systemowe

CVE-2026-34909CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Path Traversal w UniFi OS — dostęp do plików systemowych i przejęcie konta

CVE-2026-34910CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Command Injection w UniFi OS via nieprawidłowa walidacja wejścia

CVE-2026-34911HIGH7.7ten sam produkt

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability f...

CVE-2010-5330CRITICAL9.8⚠ KEVten sam vendor

On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) beca...