The article discusses recently identified critical vulnerabilities in UniFi OS and urges network administrators to take immediate action to patch affected Ubiquiti devices globally. Among the identified threats are severe command injection vulnerabilities (CVE-2026-47367, CVE-2026-47369, CVE-2026-47370) that allow low-privileged users to escalate privileges and execute commands.
Additional risks include a path traversal vulnerability (CVE-2026-47368) that permits data extraction without elevated privileges, and an access control flaw (CVE-2026-48610) that may lead to unauthorized configuration changes. The affected devices include UDM, UDR, UNVR, and Express models, and administrators are advised to update to specific firmware versions to secure their networks effectively.