{"vulnerability": "cve-2026-3490", "sightings": [{"uuid": "0bb25315-ab97-47b1-a2d1-e6782cbb2498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34904", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mivjysy4ag27", "content": "", "creation_timestamp": "2026-04-07T10:10:20.293052Z"}, {"uuid": "879e25a8-5020-4b90-b9d0-989d2eb9926f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34903", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mivktshy7a2s", "content": "", "creation_timestamp": "2026-04-07T10:25:25.390990Z"}, {"uuid": "dac626e0-947f-4741-8942-a3bc1a9f286e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34904", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mivlfpd3jr2t", "content": "", "creation_timestamp": "2026-04-07T10:35:35.524890Z"}, {"uuid": "8d39becc-4676-4020-81b8-01ba4c254cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34904", "type": "seen", "source": "Telegram/_n08nA6gbjlNv-MhQAiKQpGqaP4NEyFlWKUx0Red_uQOWHE", "content": "", "creation_timestamp": "2026-04-07T13:55:24.000000Z"}, {"uuid": "00f67abd-e059-4433-aa5c-aca19a47b774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34909", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116617053903196416", "content": "\ud83d\udd12 CRITICAL: CVE-2026-34909 - Path Traversal in Ubiquiti UniFi OS Server (CVSS 10). Allows arbitrary file access &amp; manipulation. No patch yet \u2014 restrict access &amp; monitor! Details: https://radar.offseq.com/threat/cve-2026-34909-cwe-22-path-traversal-in-ubiquiti-i-4d93b8c5 #OffSeq #UniFi #Vuln #BlueTeam", "creation_timestamp": "2026-05-22T07:30:27.944130Z"}, {"uuid": "6d4dae7a-883e-4b62-9541-65ca6703adfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34909", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmgg2g4mix26", "content": "\u26a0\ufe0f Ubiquiti UniFi OS Server hit by critical Path Traversal flaw (CVSS 10). No patch yet \u2014 restrict access, monitor for threats. Full system compromise possible. https://radar.offseq.com/threat/cve-2026-34909-cwe-22-path-traversal-in-ubiquiti-i-4d93b8c5 #OffSeq #UniFi #SecurityAlert", "creation_timestamp": "2026-05-22T07:30:29.565922Z"}, {"uuid": "43d4906d-cd8a-4607-9365-148ef09a7e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://www.acn.gov.it/portale/w/ubiquiti-rilevate-nuove-vulnerabilita-1", "content": "", "creation_timestamp": "2026-05-27T06:38:42.000000Z"}, {"uuid": "0a269d56-6c8e-4a88-97a0-e7d6f9026245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://t.me/true_secator/8245", "content": "Ubiquiti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 UniFi OS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\nUniFi OS - \u044d\u0442\u043e \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u044f\u0445 UniFi \u0438 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0435\u0442\u0438, \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 UniFi, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a UniFi Network, UniFi Protect, UniFi Access, UniFi Talk \u0438 UniFi Connect.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-34908 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 UniFi OS.\u0451\n\n\u0412\u0442\u043e\u0440\u0430\u044f (CVE-2026-34909) \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 (Path Traversal), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2026-34910) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Ubiquiti \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0442\u043e\u0440\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 (CVE-2026-33000) \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CVE-2026-34911), \u043e\u0431\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u0431\u0430\u0437\u0435 Unifi OS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043a\u0430 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442, \u0431\u044b\u043b\u0438 \u043b\u0438 \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043e \u0438\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a HackerOne.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Censys \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 100 000 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0441\u0435\u0442\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 UniFi OS, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 (\u043f\u043e\u0447\u0442\u0438 50 000 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432) \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0432 \u0421\u0428\u0410.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0442\u043e\u043c, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043d\u0438\u0445 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f Ubiquiti \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u043c\u0438\u0448\u0435\u043d\u044f\u043c\u0438 \u043a\u0430\u043a APT-\u0433\u0440\u0443\u043f\u043f, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0438\u0445 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432, \u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.", "creation_timestamp": "2026-05-26T16:30:06.000000Z"}, {"uuid": "31dcd43b-6805-4c13-9927-4e7a366359d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://t.me/true_secator/8245", "content": "Ubiquiti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 UniFi OS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\nUniFi OS - \u044d\u0442\u043e \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u044f\u0445 UniFi \u0438 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0435\u0442\u0438, \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 UniFi, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a UniFi Network, UniFi Protect, UniFi Access, UniFi Talk \u0438 UniFi Connect.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-34908 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 UniFi OS.\u0451\n\n\u0412\u0442\u043e\u0440\u0430\u044f (CVE-2026-34909) \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 (Path Traversal), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2026-34910) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Ubiquiti \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0442\u043e\u0440\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 (CVE-2026-33000) \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CVE-2026-34911), \u043e\u0431\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u0431\u0430\u0437\u0435 Unifi OS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043a\u0430 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442, \u0431\u044b\u043b\u0438 \u043b\u0438 \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043e \u0438\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a HackerOne.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Censys \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 100 000 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0441\u0435\u0442\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 UniFi OS, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 (\u043f\u043e\u0447\u0442\u0438 50 000 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432) \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0432 \u0421\u0428\u0410.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0442\u043e\u043c, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043d\u0438\u0445 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f Ubiquiti \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u043c\u0438\u0448\u0435\u043d\u044f\u043c\u0438 \u043a\u0430\u043a APT-\u0433\u0440\u0443\u043f\u043f, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0438\u0445 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432, \u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.", "creation_timestamp": "2026-05-26T16:30:06.000000Z"}, {"uuid": "e1845c80-1af4-41a5-81b4-3477bd5bf639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-ubiquiti-has-addressed-multiple-critical-vulnerabilities-unifi-os-patch", "content": "", "creation_timestamp": "2026-05-26T09:13:20.000000Z"}, {"uuid": "28ae5e00-67bb-4f53-99e1-06a89f6569d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-ubiquiti-has-addressed-multiple-critical-vulnerabilities-unifi-os-patch", "content": "", "creation_timestamp": "2026-05-26T09:13:20.000000Z"}, {"uuid": "bd4d8905-b066-4368-b3c9-82d7cb5b0c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://www.acn.gov.it/portale/w/ubiquiti-rilevate-nuove-vulnerabilita-1", "content": "", "creation_timestamp": "2026-05-27T06:38:42.000000Z"}, {"uuid": "2750fb37-eb81-4558-90ca-5ae3e4818f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34907", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnconxngwd2f", "content": "CVE-2026-34907 - Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia\nCVE ID : CVE-2026-34907\n \n Published : June 2, 2026, 10:16 a.m. | 2\u00a0hours, 16\u00a0minutes ago\n \n Description : Wirtualna Uczelnia is vulnerable to Reflected Cross\u2011Site Scripting (XSS) due to insecure handl...", "creation_timestamp": "2026-06-02T13:19:07.580280Z"}, {"uuid": "fdf3f8ca-24e7-423f-a009-17624d96f3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34906", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116680047071361908", "content": "\ud83d\udea8 CRITICAL: CVE-2026-34906 in Simple SA Wirtualna Uczelnia enables unauthenticated RCE via SSTI in redirectToUrl. No patch yet \u2014 restrict access &amp; monitor for exploitation. https://radar.offseq.com/threat/cve-2026-34906-cwe-1336-improper-neutralization-of-6a6ef566 #OffSeq #CVE202634906 #infosec #RCE", "creation_timestamp": "2026-06-02T10:30:28.967652Z"}, {"uuid": "e08a96fc-c3c5-4a29-9e29-8de68861b777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34906", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnciskfj652j", "content": "CVE-2026-34906 - Server-Side Template Injection (SSTI) in Wirtualna Uczelnia\nCVE ID : CVE-2026-34906\n \n Published : June 2, 2026, 10:16 a.m. | 57\u00a0minutes ago\n \n Description : Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perf...", "creation_timestamp": "2026-06-02T11:34:19.159091Z"}, {"uuid": "a22af2ee-4cce-49a0-912b-b19ad3e98154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34906", "type": "seen", "source": "https://cert.pl/en/posts/2026/06/CVE-2026-34906", "content": "", "creation_timestamp": "2026-06-02T03:55:00.000000Z"}, {"uuid": "75c3554c-a621-4441-b4c6-9272106999b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34907", "type": "seen", "source": "https://cert.pl/en/posts/2026/06/CVE-2026-34906", "content": "", "creation_timestamp": "2026-06-02T03:55:00.000000Z"}, {"uuid": "04957fd8-66cc-4a85-a6bd-727b28f84d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3490", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiuynehzl2h", "content": "CVE-2026-3490 - picklescan - Universal Blocklist Bypass via pkgutil.resolve_name\nCVE ID : CVE-2026-3490\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass t...", "creation_timestamp": "2026-06-17T17:53:38.282961Z"}, {"uuid": "6dfa1620-499d-4c0a-b2c6-bae89f204854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnsb66zos427", "content": "UniFi OS Server flaws CVE-2026-34908, -34909, and -34910 can be chained for unauthenticated root RCE. Bishop Fox released detection guidance, and version 5.0.8+ fixes the issue. #UniFiOSServer #BishopFox #CVE2026", "creation_timestamp": "2026-06-08T18:00:16.104306Z"}, {"uuid": "f184255e-657a-48d7-8ae9-7ab91f28cc9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34908", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mnsmvnetss2e", "content": "\ud83d\udce2 RCE non authentifi\u00e9e sur UniFi OS Server : cha\u00eene de vuln\u00e9rabilit\u00e9s CVSS 10.0 (CVE-2026-34908/09/10)\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nLe 5 juin 20\u2026\nhttps://cyberveille.ch/posts/2026-06-08-rce-non-authentifiee-sur-unifi-os-server-chaine-de-vulnerabilites-cvss-10-0-cve-2026-34908-09-10/ #CVE_2026_33000 #Cyberveille", "creation_timestamp": "2026-06-08T21:30:13.368588Z"}, {"uuid": "151de027-0659-4671-ac65-c81f953afdd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34905", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mntp3uzupp2m", "content": "CVE-2026-34905: Apache Answer: Unlisted Questions Accessible via Direct API Access", "creation_timestamp": "2026-06-09T07:42:09.950792Z"}, {"uuid": "b17c8ad4-bf73-4ed7-8e6e-12728659b0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116719977777948801", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/", "creation_timestamp": "2026-06-09T11:45:20.896392Z"}, {"uuid": "c09dd812-fa61-4898-ba8b-93a8e3adef35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116719977777948801", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/", "creation_timestamp": "2026-06-09T11:45:21.061604Z"}, {"uuid": "d0018ceb-ff28-4231-b8ab-1b94293bb032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3mnu4pot3nk2c", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. www.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-06-09T11:45:54.671903Z"}, {"uuid": "b09ea98a-babf-437c-a519-5e3f8d2fcee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3mnu4pot3nk2c", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. www.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-06-09T11:45:54.834623Z"}, {"uuid": "0db5aed6-e2e1-4b7d-93eb-83d63e46657a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34902", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mofybxl2vi2a", "content": "CVE-2026-34902 - Stored XSS in WooCommerce Product Table Lite &lt;=4.6.3. Unauthenticated. CVSS 7.1. No patch available yet. Disable the plugin or restrict access now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-34902/", "creation_timestamp": "2026-06-16T14:14:33.373702Z"}, {"uuid": "86504311-5bab-4452-bc54-51c879d7a1d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3490", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-vvpj-8cmc-gx39", "content": "", "creation_timestamp": "2026-03-03T20:04:20.000000Z"}]}