CVE-2026-34910

Summary

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi OS Server0 < 5.0.8affected
Ubiquiti IncUDM0 < 5.1.12affected
Ubiquiti IncUDM-Pro0 < 5.1.12affected
Ubiquiti IncUDM-SE0 < 5.1.12affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.12affected
Ubiquiti IncUDM-Beast0 < 5.1.11affected
Ubiquiti IncEFG0 < 5.1.12affected
Ubiquiti IncUDW0 < 5.1.12affected
Ubiquiti IncUDR0 < 5.1.12affected
Ubiquiti IncUDR70 < 5.1.12affected
Ubiquiti IncUDR-5G0 < 5.1.12affected
Ubiquiti IncExpress 70 < 5.1.12affected
Ubiquiti IncUNVR0 < 5.1.12affected
Ubiquiti IncUNVR-Pro0 < 5.1.12affected
Ubiquiti IncUNVR-Instant0 < 5.1.12affected
Ubiquiti IncUNVR-G20 < 5.1.12affected
Ubiquiti IncUNVR-G2-Pro0 < 5.1.12affected
Ubiquiti IncENVR0 < 5.1.12affected
Ubiquiti IncENVR-Core0 < 5.1.12affected
Ubiquiti IncUNAS-20 < 5.1.10affected
Ubiquiti IncUNAS-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro0 < 5.1.10affected
Ubiquiti IncUNAS-Pro-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro-80 < 5.1.10affected
Ubiquiti IncUCKP0 < 5.1.12affected
Ubiquiti IncUCK0 < 5.1.12affected
Ubiquiti IncUCK-Enterprise0 < 5.1.12affected
Ubiquiti IncUCG-Ultra0 < 5.1.12affected
Ubiquiti IncUCG-Max0 < 5.1.12affected
Ubiquiti IncUCG-Fiber0 < 5.1.12affected
Ubiquiti IncUCG-Industrial0 < 5.1.12affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References