Critical severity9.1NVD Advisory· Published May 22, 2026

CVE-2026-33000

Description

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Affected products

Ubiquiti Inc/Unifillm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963bnvd

News mentions

Ubiquiti patches three max severity UniFi OS vulnerabilities
BleepingComputer · May 22, 2026

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000