CVEFinder.io

CVE-2026-34909

⛔ critical
🔍 Scan for this CVE
Summary

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

CVSS Score
10.0
Critical
EPSS Score
2.3
Exploit Probability
Published Date
2026-05-22
First Seen: 2026-05-23
📊 Relative Risk Intelligence

This CVE is Extremely High Risk - more severe than 100.0% of all 330,193 vulnerabilities in our database.

#1
Top 5% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 23, 2026
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-06-24
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-22

📦 Affected Products 3

Vendor Product Status Affected Versions
ui unifi_dream_machine_firmware Affected
< 5.1.12
ui unifi_dream_machine_pro_firmware Affected
< 5.1.12
ui unifi_os_server Affected
< 5.0.8

🔗 References 3

https://community.ui.com/releases/Security-Advisory-...
Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource
https://www.pwndefend.com/2026/06/09/cve-2026-34910-...
Exploit Third Party Advisory

🔗 Related CVEs 5

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-34908 ⛔ critical 10.0 2.5 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de... 2026-05-22
CVE-2026-34910 ⛔ critical 10.0 78.6 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS ... 2026-05-22
CVE-2026-34911 ⚠️ high 7.7 0.7 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un... 2026-05-22
CVE-2026-33000 ⛔ critical 9.1 1.1 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerabilit... 2026-05-22
CVE-2023-24104 ⛔ critical 9.8 0.0 Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. 2023-02-23
These CVEs affect the same products