CVE-2026-34909

Summary

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi OS Server0 < 5.0.8affected
Ubiquiti IncExpress0 < 4.0.14affected
Ubiquiti IncUDM0 < 5.1.12affected
Ubiquiti IncUDM-Pro0 < 5.1.12affected
Ubiquiti IncUDM-SE0 < 5.1.12affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.12affected
Ubiquiti IncUDM-Beast0 < 5.1.11affected
Ubiquiti IncEFG0 < 5.1.12affected
Ubiquiti IncUDW0 < 5.1.12affected
Ubiquiti IncUDR0 < 5.1.12affected
Ubiquiti IncUDR70 < 5.1.12affected
Ubiquiti IncUDR-5G0 < 5.1.12affected
Ubiquiti IncExpress 70 < 5.1.12affected
Ubiquiti IncUNVR0 < 5.1.12affected
Ubiquiti IncUNVR-Pro0 < 5.1.12affected
Ubiquiti IncUNVR-Instant0 < 5.1.12affected
Ubiquiti IncUNVR-G20 < 5.1.12affected
Ubiquiti IncUNVR-G2-Pro0 < 5.1.12affected
Ubiquiti IncENVR0 < 5.1.12affected
Ubiquiti IncENVR-Core0 < 5.1.12affected
Ubiquiti IncUNAS-20 < 5.1.10affected
Ubiquiti IncUNAS-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro0 < 5.1.10affected
Ubiquiti IncUNAS-Pro-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro-80 < 5.1.10affected
Ubiquiti IncUCKP0 < 5.1.12affected
Ubiquiti IncUCK0 < 5.1.12affected
Ubiquiti IncUCK-Enterprise0 < 5.1.12affected
Ubiquiti IncUCG-Ultra0 < 5.1.12affected
Ubiquiti IncUCG-Max0 < 5.1.12affected
Ubiquiti IncUCG-Fiber0 < 5.1.12affected
Ubiquiti IncUCG-Industrial0 < 5.1.12affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References