PT-2026-42657 · Ubiquiti · Unifi Os
Published
2026-05-22
·
Updated
2026-06-09
·
CVE-2026-34908
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UniFi OS (affected versions not specified)
Description
An improper access control issue in UniFi OS devices allows a malicious actor with network access to make unauthorized changes to the system. This flaw can be chained with other vulnerabilities to achieve unauthenticated remote code execution as root, and it is currently being exploited in the wild to deploy commodity malware.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unifi Os