CVE Catalog
CVE-2026-54402
Critical, CVSS 9.9
Summary
A vulnerability in UniFi OS allows an attacker with network access and low privileges to perform command injection on the host device due to improper input validation.
Risk Assessment
An attacker can take control of the device, leading to compromise of data confidentiality, integrity, and availability, with potential for lateral movement within the network.
Recommendation
Immediately update UniFi OS to the latest patched version and restrict network access to the devices to trusted hosts only.
Original NVD description (English source)
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.

