CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances

Synopsis

A path traversal vulnerability affects multiple Ubiquiti UniFi OS devices and instances, including the UniFi OS Server, Express, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, and EFG. The flaw is reachable over the network without any authentication, and the scope impact extends beyond the vulnerable component itself. Successful exploitation allows an attacker to read arbitrary files from the affected device or instance, disclosing sensitive data. Patched-image rebuilds at versions 4.0.15, 5.1.15, and 5.1.16 are available on HarborGuard for environments running affected versions.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The attacker must reach the affected UniFi OS service over the network; no local or physical access is needed.

• AuthenticationNot required

  No credentials or account of any kind are required to send the malicious request.

• Victim interactionNot required

  Exploitation is entirely attacker-driven and requires no action from a user or administrator on the target device.

• Attack complexityDetail

  The exploit is reliable and condition-free, requiring no race conditions or special environmental setup beyond network access.

Blast Radius

• An attacker reads arbitrary files from the affected UniFi OS device or instance, including configuration files, credentials, and internal state data.
• Because the CVSS scope is Changed, disclosed data may originate from components or services beyond the directly vulnerable UniFi OS process itself.
• Stolen credentials or API keys extracted from device files can be leveraged to pivot into other systems on the same network.
• Confidentiality impact is rated High; integrity and availability of the device are not directly affected by this vulnerability alone.