CVE-2026-34908

Summary

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi OS Server0 < 5.0.8affected
Ubiquiti IncUDM0 < 5.1.12affected
Ubiquiti IncUDM-Pro0 < 5.1.12affected
Ubiquiti IncUDM-SE0 < 5.1.12affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.12affected
Ubiquiti IncUDM-Beast0 < 5.1.11affected
Ubiquiti IncEFG0 < 5.1.12affected
Ubiquiti IncUDW0 < 5.1.12affected
Ubiquiti IncUDR0 < 5.1.12affected
Ubiquiti IncUDR70 < 5.1.12affected
Ubiquiti IncUDR-5G0 < 5.1.12affected
Ubiquiti IncExpress 70 < 5.1.12affected
Ubiquiti IncUNVR0 < 5.1.12affected
Ubiquiti IncUNVR-Pro0 < 5.1.12affected
Ubiquiti IncUNVR-Instant0 < 5.1.12affected
Ubiquiti IncUNVR-G20 < 5.1.12affected
Ubiquiti IncUNVR-G2-Pro0 < 5.1.12affected
Ubiquiti IncENVR0 < 5.1.12affected
Ubiquiti IncENVR-Core0 < 5.1.12affected
Ubiquiti IncUNAS-20 < 5.1.10affected
Ubiquiti IncUNAS-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro0 < 5.1.10affected
Ubiquiti IncUNAS-Pro-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro-80 < 5.1.10affected
Ubiquiti IncUCKP0 < 5.1.12affected
Ubiquiti IncUCK0 < 5.1.12affected
Ubiquiti IncUCK-Enterprise0 < 5.1.12affected
Ubiquiti IncUCG-Ultra0 < 5.1.12affected
Ubiquiti IncUCG-Max0 < 5.1.12affected
Ubiquiti IncUCG-Fiber0 < 5.1.12affected
Ubiquiti IncUCG-Industrial0 < 5.1.12affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References