PT-2026-42660 · Ubiquiti · Unifi Os

CVE-2026-34911

·

Published

2026-05-21

·

Updated

2026-06-24

CVSS v3.1

7.7

High

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions UniFi OS (affected versions not specified)
Description A Path Traversal vulnerability exists in UniFi OS devices, where a malicious actor with network access and low privileges can access internal routes and files on the underlying system without a valid token. This flaw can be manipulated to obtain sensitive information and may be chained with other issues, such as Improper Access Control and Command Injection, to achieve pre-authentication Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a target machine over a network without prior authentication.
Recommendations Update affected systems to the latest available version.

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07801
CVE-2026-34911

Affected Products

Unifi Os