CVE-2026-54402
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS t
CVSS
9.9
Critical
EPSS
0.9%
p55
KEV
—
Exploit Today
16
0-100
Published: Jul 2, 2026 · Last modified: Jul 10, 2026 · CWE-20 · CWE-77
0.8%EPSS · 30 days0.9%
2026-07-032026-07-16
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-341978.8 HIG99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability2dCVE-2026-422718.8 HIG99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2026-125699.8 CRI66.0%
KEV—70PTC Windchill and FlexPLM Improper Input Validation Vulnerability17dCVE-2023-349609.8 CRI99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.9dCVE-2023-376799.8 CRI99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.9dCVE-2026-80379.6 CRI98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints4d