CVE-2026-34909 PUBLISHED

Assigner: hackerone
Reserved: 31.03.2026 Published: 22.05.2026 Updated: 22.05.2026

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Ubiquiti Inc
Product	UniFi OS Server
Versions	Default: unaffected affected from 0 to 5.0.8 (excl.)

Vendor	Ubiquiti Inc
Product	UDM
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-Pro
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-SE
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-Pro-Max
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDM-Beast
Versions	Default: unaffected affected from 0 to 5.1.11 (excl.)

Vendor	Ubiquiti Inc
Product	EFG
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDW
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDR
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDR7
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UDR-5G
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	Express 7
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-Pro
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-Instant
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-G2
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UNVR-G2-Pro
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	ENVR
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	ENVR-Core
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-2
Versions	Default: unaffected affected from 0 to 5.1.10 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-4
Versions	Default: unaffected affected from 0 to 5.1.10 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-Pro
Versions	Default: unaffected affected from 0 to 5.1.10 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-Pro-4
Versions	Default: unaffected affected from 0 to 5.1.10 (excl.)

Vendor	Ubiquiti Inc
Product	UNAS-Pro-8
Versions	Default: unaffected affected from 0 to 5.1.10 (excl.)

Vendor	Ubiquiti Inc
Product	UCKP
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UCK
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UCK-Enterprise
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Ultra
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Max
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Fiber
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

Vendor	Ubiquiti Inc
Product	UCG-Industrial
Versions	Default: unaffected affected from 0 to 5.1.12 (excl.)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

Problem Types

CWE-22 Path Traversal CWE