PT-2026-42660 · Ubiquiti · UniFi OS
Published: 2026-05-22 · Updated: 2026-05-22 · CVE-2026-34911
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
UniFi OS (affected versions not specified)
Description
A path traversal vulnerability exists in UniFi OS devices: a malicious actor with network access and low privileges can access internal routes and files on the underlying system without a valid token. This flaw can expose sensitive information and can be chained with other issues, such as Improper Access Control and Command Injection, to achieve pre-authentication Remote Code Execution (RCE), that is, the ability to execute arbitrary commands on a target machine over a network without prior authentication.
Recommendations
Update affected systems to the latest available version.
Fix · RCE · Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
UniFi OS