CVE-2026-34911

Summary

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi OS Server0 < 5.0.8affected
Ubiquiti IncUDM0 < 5.1.12affected
Ubiquiti IncUDM-Pro0 < 5.1.12affected
Ubiquiti IncUDM-SE0 < 5.1.12affected
Ubiquiti IncUDM-Pro-Max0 < 5.1.12affected
Ubiquiti IncUDM-Beast0 < 5.1.11affected
Ubiquiti IncEFG0 < 5.1.12affected
Ubiquiti IncUDW0 < 5.1.12affected
Ubiquiti IncUDR0 < 5.1.12affected
Ubiquiti IncUDR70 < 5.1.12affected
Ubiquiti IncUDR-5G0 < 5.1.12affected
Ubiquiti IncExpress 70 < 5.1.12affected
Ubiquiti IncUNVR0 < 5.1.12affected
Ubiquiti IncUNVR-Pro0 < 5.1.12affected
Ubiquiti IncUNVR-Instant0 < 5.1.12affected
Ubiquiti IncUNVR-G20 < 5.1.12affected
Ubiquiti IncUNVR-G2-Pro0 < 5.1.12affected
Ubiquiti IncENVR0 < 5.1.12affected
Ubiquiti IncENVR-Core0 < 5.1.12affected
Ubiquiti IncUNAS-20 < 5.1.10affected
Ubiquiti IncUNAS-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro0 < 5.1.10affected
Ubiquiti IncUNAS-Pro-40 < 5.1.10affected
Ubiquiti IncUNAS-Pro-80 < 5.1.10affected
Ubiquiti IncUCKP0 < 5.1.12affected
Ubiquiti IncUCK0 < 5.1.12affected
Ubiquiti IncUCK-Enterprise0 < 5.1.12affected
Ubiquiti IncUCG-Ultra0 < 5.1.12affected
Ubiquiti IncUCG-Max0 < 5.1.12affected
Ubiquiti IncUCG-Fiber0 < 5.1.12affected
Ubiquiti IncUCG-Industrial0 < 5.1.12affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References