External risk intelligence

UID Enterprise Agent Command Injection Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-47367

An Improper Input Validation vulnerability in the UID Enterprise Agent could allow a low-privilege, network-accessible attacker to execute commands on a host device. This is a concern because unauthorized command execution can impact system integrity and availability.

3 Halo Surface Signal

Command Injection

External exposure likelihood

Halo Surface Signal score for CVE-2026-47367

The vulnerability affects an enterprise agent that requires network access and low-level privileges to exploit. While it is network-reachable, it is typically deployed within an internal network or protected environment rather than being designed as a public-facing internet service.

PCI scan relevance

PCI Relevance for CVE-2026-47367

Yes

CVE-2026-47367 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows command injection, which can lead to an automatic PCI scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in the UID Enterprise Agent, allowing a low-privilege attacker with network access to potentially inject commands and take control of a host device. This issue matters because it could enable unauthorized actions on connected systems if the affected technology is in use. The primary concern at this stage is confirming if our environment is exposed.

  • Low-privilege attackers with network access can run commands on host devices.
  • This allows unauthorized control of systems.
  • Confirm exposure and relevance to our operations.

Attack Path

How an attacker could exploit the issue

A low-privilege attacker on the network could send specially crafted input to the UID Enterprise Agent. This input could be processed incorrectly, leading to the execution of arbitrary commands on the host device.

  • Network access with low privileges required.
  • Improper input validation allows command injection.
  • Risk of host device compromise.

Live Threat

Current exploitation, exposure, and threat context

A malicious actor with network access and low privileges could exploit this vulnerability to execute commands on the host device. This could impact the integrity and availability of the affected system.

  • Affected: host device commands and behavior.
  • Vector: exploited via network access.
  • Impact: compromised system operations.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

To address this critical vulnerability, platform and infrastructure teams are likely responsible for identifying the UID Enterprise Agent's deployment locations. The immediate first step should be to confirm the agent's network exposure and business criticality, then identify the accountable system owner to plan a coordinated remediation.

  • Confirm agent presence and exposure.
  • Identify accountable system owner.
  • Plan targeted remediation.

Frequently asked questions

What is the UID Enterprise Agent?

The UID Enterprise Agent is a software component designed to manage and facilitate operations on host devices within an organization's infrastructure. It acts as a bridge for administrative tasks, allowing systems to communicate and execute necessary background processes efficiently.

How does CVE-2026-47367 allow command injection?

This vulnerability is classified as Improper Input Validation (CWE-20). It occurs when the agent fails to properly sanitize or filter incoming data, allowing an attacker to insert malicious system commands that the software then inadvertently runs with elevated authority on the host.

Do I need administrative access to trigger this bug?

No. The vulnerability does not require administrative or high-level permissions. An attacker needs only low-level privileges and network access to communicate with the agent. Conversely, an actor with no network access to the agent cannot trigger the command injection.

Is my UID Enterprise Agent reachable from the internet?

According to Halo Surface Signal, this software is typically deployed within internal or protected networks rather than as a public-facing service. While it is network-reachable, you should verify whether your specific deployment is exposed to external traffic.

What steps should I take to respond to this CVE?

First, locate where the UID Enterprise Agent is deployed within your infrastructure to assess its business criticality. Once the assets are identified, coordinate with the system owners to confirm their current network exposure and begin planning for the necessary security updates.
