PT-2026-48501 · Undefined · Undefined
Published
2026-06-10
·
Updated
2026-06-10
·
CVE-2026-3490
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
CVE-2026-34908 is a CVSS 10.0 improper access control flaw in UniFi OS Server where nginx evaluates the raw request URI for authentication but routes using the normalized URI, allowing unauthenticated attackers to reach protected endpoints and chain into full root RCE.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined