CVEFinder.io

CVE-2026-34910

⛔ critical
🔍 Scan for this CVE
Summary

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

CVSS Score
10.0
Critical
EPSS Score
78.6
Exploit Probability
Published Date
2026-05-22
First Seen: 2026-05-23
📊 Relative Risk Intelligence

This CVE is Extremely High Risk - more severe than 100.0% of all 330,193 vulnerabilities in our database.

#1
Top 5% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 22, 2026
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-06-24
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-20

📦 Affected Products 3

Vendor Product Status Affected Versions
ui unifi_dream_machine_firmware Affected
< 5.1.12
ui unifi_dream_machine_pro_firmware Affected
< 5.1.12
ui unifi_os_server Affected
< 5.0.8

🔗 References 3

https://community.ui.com/releases/Security-Advisory-...
Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource
https://www.pwndefend.com/2026/06/09/cve-2026-34910-...
Exploit Third Party Advisory

🔗 Related CVEs 5

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-34908 ⛔ critical 10.0 2.5 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de... 2026-05-22
CVE-2026-34909 ⛔ critical 10.0 2.3 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to a... 2026-05-22
CVE-2026-34911 ⚠️ high 7.7 0.7 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in Un... 2026-05-22
CVE-2026-33000 ⛔ critical 9.1 1.1 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerabilit... 2026-05-22
CVE-2023-24104 ⛔ critical 9.8 0.0 Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. 2023-02-23
These CVEs affect the same products