Improper Input Validation in UniFi OS by Ubiquiti
CVE-2026-54402

9.9CRITICAL

What is CVE-2026-54402?

A vulnerability exists in Ubiquiti's UniFi OS that allows a malicious actor with network access and low privileges to exploit improper input validation. This security flaw could enable unauthorized command execution on the host device, potentially compromising the system's integrity and security.

Affected Version(s)

Cloud Gateways 0 < 5.1.19

Cloud Keys 0 < 5.1.19

Dream Machines 0 < 5.1.19

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.