Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-54401 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 7.7 HIGH |
| A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances. | |||||
| CVE-2026-54402 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 9.9 CRITICAL |
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device. | |||||
| CVE-2026-54404 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 8.8 HIGH |
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | |||||
| CVE-2026-54403 | 1 Ui | 63 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 60 more | 2026-07-10 | N/A | 8.6 HIGH |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances. | |||||
| CVE-2026-55110 | 1 Ui | 59 Enterprise Firewall Core, Enterprise Firewall Core Firmware, Enterprise Fortress Gateway and 56 more | 2026-07-09 | N/A | 7.5 HIGH |
| A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session. | |||||
| CVE-2026-34911 | 1 Ui | 61 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 58 more | 2026-06-24 | N/A | 7.7 HIGH |
| A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information. | |||||
| CVE-2026-34908 | 1 Ui | 61 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 58 more | 2026-06-24 | N/A | 10.0 CRITICAL |
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system. | |||||
| CVE-2026-34909 | 1 Ui | 63 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 60 more | 2026-06-24 | N/A | 10.0 CRITICAL |
| A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account. | |||||
| CVE-2026-34910 | 1 Ui | 61 Enterprise Fortress Gateway, Enterprise Fortress Gateway Firmware, Enterprise Network Video Recorder and 58 more | 2026-06-24 | N/A | 10.0 CRITICAL |
| A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. | |||||
