FKIE_CVE-2026-34909

Vulnerability from fkie_nvd - Published: 2026-05-22 02:16 - Updated: 2026-06-24 14:49
Summary
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
Impacted products
Vendor Product Version
ui unifi_os_server *
ui unifi_cloud_gateway_industrial_firmware *
ui unifi_cloud_gateway_industrial -
ui unifi_dream_machine_firmware *
ui unifi_dream_machine -
ui unifi_dream_machine_pro_firmware *
ui unifi_dream_machine_pro -
ui unifi_dream_machine_special_edition_firmware *
ui unifi_dream_machine_special_edition -
ui unifi_dream_machine_pro_max_firmware *
ui unifi_dream_machine_pro_max -
ui enterprise_fortress_gateway_firmware *
ui enterprise_fortress_gateway -
ui unifi_dream_wall_firmware *
ui unifi_dream_wall -
ui unifi_dream_router_firmware *
ui unifi_dream_router -
ui unifi_dream_router_7_firmware *
ui unifi_dream_router_7 -
ui unifi_express_7_firmware *
ui unifi_express_7 -
ui unifi_network_video_recorder_firmware *
ui unifi_network_video_recorder -
ui unifi_network_video_recorder_pro_firmware *
ui unifi_network_video_recorder_pro -
ui unifi_network_video_recorder_instant_firmware *
ui unifi_network_video_recorder_instant -
ui enterprise_network_video_recorder_firmware *
ui enterprise_network_video_recorder -
ui unifi_cloud_gateway_ultra_firmware *
ui unifi_cloud_gateway_ultra -
ui unifi_cloud_gateway_max_firmware *
ui unifi_cloud_gateway_max -
ui unifi_cloud_gateway_fiber_firmware *
ui unifi_cloud_gateway_fiber -
ui unifi_dream_router_5g_max_firmware *
ui unifi_dream_router_5g_max -
ui enterprise_network_video_recorder_core_firmware *
ui enterprise_network_video_recorder_core -
ui unifi_cloud_key_plus_firmware *
ui unifi_cloud_key_plus -
ui unifi_cloudkey_firmware *
ui unifi_cloudkey -
ui unifi_cloudkey_enterprise_firmware *
ui unifi_cloudkey_enterprise -
ui unifi_network_video_recorder_g2_firmware *
ui unifi_network_video_recorder_g2 -
ui unifi_network_video_recorder_g2_pro_firmware *
ui unifi_network_video_recorder_g2_pro -
ui unifi_dream_machine_beast_firmware *
ui unifi_dream_machine_beast -
ui unas_2_firmware *
ui unas_2 -
ui unas_4_firmware *
ui unas_4 -
ui unas_pro_firmware *
ui unas_pro -
ui unas_pro_4_firmware *
ui unas_pro_4 -
ui unas_pro_8_firmware *
ui unas_pro_8 -
ui unifi_express_firmware *
ui unifi_express -

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "UniFi OS Server",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.0.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Express",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "4.0.14",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-SE",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-Pro-Max",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDM-Beast",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EFG",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDW",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDR",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDR7",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UDR-5G",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Express 7",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-Instant",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-G2",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNVR-G2-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ENVR",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ENVR-Core",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-2",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-4",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-Pro",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-Pro-4",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNAS-Pro-8",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCKP",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCK",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCK-Enterprise",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Ultra",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Max",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Fiber",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UCG-Industrial",
          "vendor": "Ubiquiti Inc",
          "versions": [
            {
              "lessThan": "5.1.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "support@hackerone.com"
    }
  ],
  "cisaActionDue": "2026-06-26",
  "cisaExploitAdd": "2026-06-23",
  "cisaRequiredAction": "Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA\u2019s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA\u2019s \u201cForensics Triage Requirements\u201d (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset\u0027s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.",
  "cisaVulnerabilityName": "Ubiquiti UniFi OS Path Traversal Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "660F20FA-9862-4FE1-8C27-0AEAEE2F2A69",
              "versionEndExcluding": "5.0.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37D51815-9B4B-4753-9907-141E183A29AE",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloud_gateway_industrial:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABDECBF6-CB92-4AF6-A3AB-D4AA4635B688",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C302996-B127-48DD-9652-44C120351EE2",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_machine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E04DDA-88A0-47C1-8AE2-2F59B1A08BAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6C4EB63-3ED5-4A5E-9C70-446159333C34",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B493983E-8632-4492-9B0A-E8E11E0E0BB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_machine_special_edition_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDF1A5E-2127-4F22-88FE-72185E1D102D",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_machine_special_edition:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF52155-86F1-458A-8B7E-355B67C5C819",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "131427ED-219F-44D7-AF4C-1EE2EBF0C0FF",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_machine_pro_max:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60808A48-C41A-448F-97C4-B1CD8DCCB4DA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDD13CAB-C444-43CF-8E56-D3B3EF5208FC",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:enterprise_fortress_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C87C188-7982-4DFF-98F1-58511360F3E3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_wall_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4991C6F7-E443-4CA3-8EA5-C71D1252B300",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_wall:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B6514E-2878-4AEE-BF1E-08B804C069FE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_router_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D73F0DB-0E95-44B0-9CC0-BFEBB0582ECC",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1FF6A5E-A223-4F57-9FFD-F2AE473B3627",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_router_7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF5DAD-7403-4811-B2F3-490F72CB5C0D",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_router_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41E5541-FC13-430C-BDCA-CC677B372D7F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_express_7_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56E176C6-07DB-4E14-B41C-4AC34CAAC1B7",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_express_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0201D-D5C9-4CE7-A302-467F602D73D2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_network_video_recorder_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC49DF3-4CB0-491E-A4E9-46EE6C2CDD3C",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_network_video_recorder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D7AF0C-CF50-485D-8471-9AB1AA6471CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_network_video_recorder_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D83F4DFB-C975-4E3C-A045-AAE24EB7C54F",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_network_video_recorder_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87FB08DA-35EA-4C27-AA5F-2B7AE25D58FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_network_video_recorder_instant_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E78B7448-6777-4488-BDA9-C0514FC7BB6B",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_network_video_recorder_instant:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8EB74F-F32A-4A5E-B613-58F2F7BC24CB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FFB1B14-CFB2-45D3-AA35-FBA93A4D5606",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:enterprise_network_video_recorder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "348BBC75-CA5B-4B38-A2CF-28313B7168F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA783309-29D0-40C6-9B4A-D961A486CBCC",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloud_gateway_ultra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C468BFA-A87B-4A3F-B12C-B3BCE225167C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20690D42-B607-4E40-8D87-B8715838BD1F",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloud_gateway_max:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "022225AB-7AF9-4F7A-97A2-CD8700DEA087",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1DF011-B148-4706-90D9-55DB0FD9A3E2",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloud_gateway_fiber:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "01C00466-E414-4DF7-8752-93D3D77C5104",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_router_5g_max_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F12DAB1-E58E-4044-A799-792A3DD59642",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_router_5g_max:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA957B87-E4D2-4B7C-AC27-200BFC44477E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "47600BC6-7DDF-4ABA-A0C6-1E3C6C4E67B1",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:enterprise_network_video_recorder_core:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD22580F-1E63-48F0-BE9C-1EA9328DD539",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29802116-2569-4863-B830-AF6C054BCDE2",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloud_key_plus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C4ED829-08E6-4330-B105-DC01A3159C90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "638BF6B4-4DBF-43C7-A355-3FE897029F2D",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloudkey:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A484BC77-24D3-423F-AC16-3341C3396BA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E132D457-330E-43DF-BC6D-956A9C65E9C5",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_cloudkey_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD7812E-3548-4B2C-9416-DEE0985AB07C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_network_video_recorder_g2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FFBED72-FDF6-4487-B6FA-AEF0BBA7BF07",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_network_video_recorder_g2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FF59AE-F5F6-4539-97EC-5157F67FD055",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_network_video_recorder_g2_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B19E2F5-A96A-45E5-B625-435C5951BEB0",
              "versionEndExcluding": "5.1.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_network_video_recorder_g2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A3E3E6-68EF-43E6-9AB3-AD52FCADE57F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C1D3765-2301-4C60-BC5E-865650E214E5",
              "versionEndExcluding": "5.1.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_dream_machine_beast:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A0A6D7-4361-49AD-87E3-3FB32A958C4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AF18D8-1301-4B8D-AD23-5EF5BB2182AA",
              "versionEndExcluding": "5.1.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unas_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FC98765-1006-49C1-9464-92428738170A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "522AF8E6-5095-42D0-AAC5-38DBC76536F4",
              "versionEndExcluding": "5.1.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unas_4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68133D0-7571-4E6C-A5F5-AAD2DFE91B80",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ACD7950-1346-460C-9B07-6A57103E1298",
              "versionEndExcluding": "5.1.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unas_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0AD026-E7CD-4783-8B5B-BF50CFEF8F37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B75FAFD-6176-4B36-85B9-9D9FB314FCF0",
              "versionEndExcluding": "5.1.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unas_pro_4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A57444B-B60E-4AE0-A198-C85546D94126",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA7EECEA-6628-4CD7-A336-78D8AEBD049A",
              "versionEndExcluding": "5.1.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unas_pro_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EC6593-E65D-4287-BB47-0EC53BCA7BAB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ui:unifi_express_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C77E9DE-FA81-4097-B24A-CA2C76C8B129",
              "versionEndExcluding": "4.0.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ui:unifi_express:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E793FAA6-55B5-4C10-84EA-0A3EFDAEF5E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account."
    }
  ],
  "id": "CVE-2026-34909",
  "lastModified": "2026-06-24T14:49:53.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "support@hackerone.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-34909",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-23T00:00:00+00:00",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-05-22T02:16:34.390",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…