ГлавнаяУязвимости → CVE-2026-54402
9.9критическая

CVE-2026-54402

Описание

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.

Затрагиваемое ПО
Ui Unifi os serverUi Unifi dream machine firmwareUi Unifi dream machineUi Unifi dream machine pro firmwareUi Unifi dream machine proUi Unifi dream machine special edition firmwareUi Unifi dream machine special editionUi Unifi dream machine pro max firmwareUi Unifi dream machine pro maxUi Unifi dream machine beast firmwareUi Unifi dream machine beastUi Enterprise fortress gateway firmwareUi Enterprise fortress gatewayUi Unifi dream router firmwareUi Unifi dream routerUi Unifi dream wall firmwareUi Unifi dream wallUi Unifi dream router 7 firmwareUi Unifi dream router 7Ui Unifi express 7 firmwareUi Unifi express 7Ui Unifi cloudkey firmwareUi Unifi cloudkeyUi Unifi cloud key plus firmwareUi Unifi cloud key plus
CVSS
Балл9.9 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc