Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for unifi_cloud_gateway_fiber_firmware by ui

    CVE-2026-55112 (GCVE-0-2026-55112)

    Vulnerability from nvd – Published: 2026-07-02 14:50 – Updated: 2026-07-02 15:51
    VLAI
    Summary
    A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:41:29.812778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:51:35.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:50:48.656Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-55112",
        "datePublished": "2026-07-02T14:50:48.656Z",
        "dateReserved": "2026-06-16T15:00:01.614Z",
        "dateUpdated": "2026-07-02T15:51:35.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55110 (GCVE-0-2026-55110)

    Vulnerability from nvd – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52
    VLAI
    Summary
    A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:41:35.927153Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:52:20.711Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user\u0027s session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.794Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-55110",
        "datePublished": "2026-07-02T14:49:16.794Z",
        "dateReserved": "2026-06-16T15:00:01.614Z",
        "dateUpdated": "2026-07-02T15:52:20.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54404 (GCVE-0-2026-54404)

    Vulnerability from nvd – Published: 2026-07-02 14:49 – Updated: 2026-07-03 03:56
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:56:09.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.757Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54404",
        "datePublished": "2026-07-02T14:49:16.757Z",
        "dateReserved": "2026-06-13T15:00:00.605Z",
        "dateUpdated": "2026-07-03T03:56:09.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54403 (GCVE-0-2026-54403)

    Vulnerability from nvd – Published: 2026-07-02 14:49 – Updated: 2026-07-02 16:09
    VLAI
    Summary
    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T16:09:36.129029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T16:09:42.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.633Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54403",
        "datePublished": "2026-07-02T14:49:16.633Z",
        "dateReserved": "2026-06-13T15:00:00.604Z",
        "dateUpdated": "2026-07-02T16:09:42.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54402 (GCVE-0-2026-54402)

    Vulnerability from nvd – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54402",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:41:31.917927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:52:04.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:17.030Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54402",
        "datePublished": "2026-07-02T14:49:17.030Z",
        "dateReserved": "2026-06-13T15:00:00.604Z",
        "dateUpdated": "2026-07-02T15:52:04.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54401 (GCVE-0-2026-54401)

    Vulnerability from nvd – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:51
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:48:48.891370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:51:58.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:17.032Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54401",
        "datePublished": "2026-07-02T14:49:17.032Z",
        "dateReserved": "2026-06-13T15:00:00.604Z",
        "dateUpdated": "2026-07-02T15:51:58.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34911 (GCVE-0-2026-34911)

    Vulnerability from nvd – Published: 2026-05-22 00:43 – Updated: 2026-05-22 12:37
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34911",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T12:37:38.876728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T12:37:48.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T00:43:49.189Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34911",
        "datePublished": "2026-05-22T00:43:49.189Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-05-22T12:37:48.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34910 (GCVE-0-2026-34910)

    Vulnerability from nvd – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:55
    VLAI CISA Shadowserver KEVIntel
    Summary
    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34910",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34910"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:55:52.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34910"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-23T00:00:00.000Z",
                "value": "CVE-2026-34910 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T00:43:49.096Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34910",
        "datePublished": "2026-05-22T00:43:49.096Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-06-24T03:55:52.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34909 (GCVE-0-2026-34909)

    Vulnerability from nvd – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:56
    VLAI CISA KEVIntel
    Summary
    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express Affected: 0 , < 4.0.14 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34909",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:19.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-23T00:00:00.000Z",
                "value": "CVE-2026-34909 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "4.0.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T20:19:51.649Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34909",
        "datePublished": "2026-05-22T00:43:49.072Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-06-24T03:56:19.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34908 (GCVE-0-2026-34908)

    Vulnerability from nvd – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:55
    VLAI CISA KEVIntel
    Summary
    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34908",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:55:50.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-23T00:00:00.000Z",
                "value": "CVE-2026-34908 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T00:43:49.077Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34908",
        "datePublished": "2026-05-22T00:43:49.077Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-06-24T03:55:50.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55112 (GCVE-0-2026-55112)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:50 – Updated: 2026-07-02 15:51
    VLAI
    Summary
    A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:41:29.812778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:51:35.516Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:50:48.656Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-55112",
        "datePublished": "2026-07-02T14:50:48.656Z",
        "dateReserved": "2026-06-16T15:00:01.614Z",
        "dateUpdated": "2026-07-02T15:51:35.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54401 (GCVE-0-2026-54401)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:51
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54401",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:48:48.891370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:51:58.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:17.032Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54401",
        "datePublished": "2026-07-02T14:49:17.032Z",
        "dateReserved": "2026-06-13T15:00:00.604Z",
        "dateUpdated": "2026-07-02T15:51:58.264Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54402 (GCVE-0-2026-54402)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54402",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:41:31.917927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:52:04.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:17.030Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54402",
        "datePublished": "2026-07-02T14:49:17.030Z",
        "dateReserved": "2026-06-13T15:00:00.604Z",
        "dateUpdated": "2026-07-02T15:52:04.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55110 (GCVE-0-2026-55110)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52
    VLAI
    Summary
    A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55110",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T15:41:35.927153Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T15:52:20.711Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user\u0027s session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-942",
                  "description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.794Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-55110",
        "datePublished": "2026-07-02T14:49:16.794Z",
        "dateReserved": "2026-06-16T15:00:01.614Z",
        "dateUpdated": "2026-07-02T15:52:20.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54404 (GCVE-0-2026-54404)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-03 03:56
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:56:09.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.757Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54404",
        "datePublished": "2026-07-02T14:49:16.757Z",
        "dateReserved": "2026-06-13T15:00:00.605Z",
        "dateUpdated": "2026-07-03T03:56:09.490Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54403 (GCVE-0-2026-54403)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-02 16:09
    VLAI
    Summary
    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T16:09:36.129029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T16:09:42.714Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Machines",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Fortress Gateway",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Wall",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dream Routers",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Keys",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Video Recorders",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Cloud Gateways",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Network Attached Storage",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Enterprise Firewall Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T14:49:16.633Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-54403",
        "datePublished": "2026-07-02T14:49:16.633Z",
        "dateReserved": "2026-06-13T15:00:00.604Z",
        "dateUpdated": "2026-07-02T16:09:42.714Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34911 (GCVE-0-2026-34911)

    Vulnerability from cvelistv5 – Published: 2026-05-22 00:43 – Updated: 2026-05-22 12:37
    VLAI
    Summary
    A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34911",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T12:37:38.876728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-22T12:37:48.894Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T00:43:49.189Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34911",
        "datePublished": "2026-05-22T00:43:49.189Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-05-22T12:37:48.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34910 (GCVE-0-2026-34910)

    Vulnerability from cvelistv5 – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:55
    VLAI CISA Shadowserver KEVIntel
    Summary
    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34910",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34910"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:55:52.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34910"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-23T00:00:00.000Z",
                "value": "CVE-2026-34910 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T00:43:49.096Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34910",
        "datePublished": "2026-05-22T00:43:49.096Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-06-24T03:55:52.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34908 (GCVE-0-2026-34908)

    Vulnerability from cvelistv5 – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:55
    VLAI CISA KEVIntel
    Summary
    A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control - Generic
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34908",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-22T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:55:50.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-23T00:00:00.000Z",
                "value": "CVE-2026-34908 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control - Generic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T00:43:49.077Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34908",
        "datePublished": "2026-05-22T00:43:49.077Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-06-24T03:55:50.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34909 (GCVE-0-2026-34909)

    Vulnerability from cvelistv5 – Published: 2026-05-22 00:43 – Updated: 2026-06-24 03:56
    VLAI CISA KEVIntel
    Summary
    A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ubiquiti Inc UniFi OS Server Affected: 0 , < 5.0.8 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express Affected: 0 , < 4.0.14 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-SE Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Pro-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDM-Beast Affected: 0 , < 5.1.11 (semver)
    Create a notification for this product.
    Ubiquiti Inc EFG Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDW Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UDR-5G Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc Express 7 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-Instant Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2 Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNVR-G2-Pro Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc ENVR-Core Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-2 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-4 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UNAS-Pro-8 Affected: 0 , < 5.1.10 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCKP Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCK-Enterprise Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Ultra Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Max Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Fiber Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Ubiquiti Inc UCG-Industrial Affected: 0 , < 5.1.12 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34909",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:19.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-23T00:00:00.000Z",
                "value": "CVE-2026-34909 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UniFi OS Server",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "4.0.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-SE",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Pro-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDM-Beast",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EFG",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDW",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UDR-5G",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Express 7",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-Instant",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNVR-G2-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ENVR-Core",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-2",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-4",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UNAS-Pro-8",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCKP",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCK-Enterprise",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Ultra",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Max",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Fiber",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "UCG-Industrial",
              "vendor": "Ubiquiti Inc",
              "versions": [
                {
                  "lessThan": "5.1.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T20:19:51.649Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2026-34909",
        "datePublished": "2026-05-22T00:43:49.072Z",
        "dateReserved": "2026-03-31T15:00:06.521Z",
        "dateUpdated": "2026-06-24T03:56:19.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }