CVE-2026-34909 (GCVE-0-2026-34909)

Vulnerability from cvelistv5 – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:56
VLAI?
Summary
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
CWE
Assigner
Impacted products
Vendor Product Version
Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
Create a notification for this product.
    Ubiquiti Inc Express Affected: 0 , < 4.0.14 (semver)
Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34909",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-06-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-24T03:56:19.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-23T00:00:00.000Z",
            "value": "CVE-2026-34909 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "UniFi OS Server",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.0.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Express",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "4.0.14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-SE",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-Pro-Max",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-Beast",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EFG",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDW",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDR",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDR7",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDR-5G",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Express 7",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-Instant",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-G2",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-G2-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ENVR",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ENVR-Core",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-2",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-4",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-Pro-4",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-Pro-8",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCKP",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCK",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCK-Enterprise",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Ultra",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Max",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Fiber",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Industrial",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T20:19:51.649Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2026-34909",
    "datePublished": "2026-05-22T00:43:49.072Z",
    "dateReserved": "2026-03-31T15:00:06.521Z",
    "dateUpdated": "2026-06-24T03:56:19.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2026-34909",
      "cwes": "[\"CWE-22\"]",
      "dateAdded": "2026-06-23",
      "dueDate": "2026-06-26",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909",
      "product": "UniFi OS",
      "requiredAction": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA\u2019s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA\u2019s \u201cForensics Triage Requirements\u201d (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset\u0027s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
      "shortDescription": "Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.",
      "vendorProject": "Ubiquiti",
      "vulnerabilityName": "Ubiquiti UniFi OS Path Traversal Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-34909\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T17:50:14.322898Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-06-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909\"}}}], \"references\": [{\"url\": \"https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T17:27:36.870Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-23T00:00:00.000Z\", \"value\": \"CVE-2026-34909 added to CISA KEV\"}]}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Ubiquiti Inc\", \"product\": \"UniFi OS Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.0.8\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"Express\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.0.14\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDM\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDM-Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDM-SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDM-Pro-Max\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDM-Beast\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.11\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"EFG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDW\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDR\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDR7\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UDR-5G\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"Express 7\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNVR\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNVR-Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNVR-Instant\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNVR-G2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNVR-G2-Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"ENVR\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"ENVR-Core\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNAS-2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNAS-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNAS-Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNAS-Pro-4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UNAS-Pro-8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCKP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCK-Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCG-Ultra\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCG-Max\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCG-Fiber\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Ubiquiti Inc\", \"product\": \"UCG-Industrial\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.1.12\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2026-05-22T20:19:51.649Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-34909\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-24T03:56:19.760Z\", \"dateReserved\": \"2026-03-31T15:00:06.521Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2026-05-22T00:43:49.072Z\", \"assignerShortName\": \"hackerone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…