CVE-2026-34909

CVSS 10.0 · Critical EPSS 0.02% · P6 Updated May 23, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 32

Vendor	Product	Version Range	Status
Ubiquiti Inc	EFG	`< 5.1.12`	affected
Ubiquiti Inc	ENVR	`< 5.1.12`	affected
Ubiquiti Inc	ENVR-Core	`< 5.1.12`	affected
Ubiquiti Inc	Express	`< 4.0.14`	affected
Ubiquiti Inc	Express 7	`< 5.1.12`	affected
Ubiquiti Inc	UCG-Fiber	`< 5.1.12`	affected
Ubiquiti Inc	UCG-Industrial	`< 5.1.12`	affected
Ubiquiti Inc	UCG-Max	`< 5.1.12`	affected
Ubiquiti Inc	UCG-Ultra	`< 5.1.12`	affected
Ubiquiti Inc	UCK	`< 5.1.12`	affected
Ubiquiti Inc	UCK-Enterprise	`< 5.1.12`	affected
Ubiquiti Inc	UCKP	`< 5.1.12`	affected
Ubiquiti Inc	UDM	`< 5.1.12`	affected
Ubiquiti Inc	UDM-Beast	`< 5.1.11`	affected
Ubiquiti Inc	UDM-Pro	`< 5.1.12`	affected
Ubiquiti Inc	UDM-Pro-Max	`< 5.1.12`	affected
Ubiquiti Inc	UDM-SE	`< 5.1.12`	affected
Ubiquiti Inc	UDR	`< 5.1.12`	affected
Ubiquiti Inc	UDR-5G	`< 5.1.12`	affected
Ubiquiti Inc	UDR7	`< 5.1.12`	affected
Ubiquiti Inc	UDW	`< 5.1.12`	affected
Ubiquiti Inc	UNAS-2	`< 5.1.10`	affected
Ubiquiti Inc	UNAS-4	`< 5.1.10`	affected
Ubiquiti Inc	UNAS-Pro	`< 5.1.10`	affected
Ubiquiti Inc	UNAS-Pro-4	`< 5.1.10`	affected
Ubiquiti Inc	UNAS-Pro-8	`< 5.1.10`	affected
Ubiquiti Inc	UniFi OS Server	`< 5.0.8`	affected
Ubiquiti Inc	UNVR	`< 5.1.12`	affected
Ubiquiti Inc	UNVR-G2	`< 5.1.12`	affected
Ubiquiti Inc	UNVR-G2-Pro	`< 5.1.12`	affected
Ubiquiti Inc	UNVR-Instant	`< 5.1.12`	affected
Ubiquiti Inc	UNVR-Pro	`< 5.1.12`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-34909

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ubiquiti UniFi OS Server 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ubiquiti UniFi OS Server是美国优比快（Ubiquiti）公司的一个统一管理UniFi网络与安防设备的服务器平台。 Ubiquiti UniFi OS Server存在安全漏洞，该漏洞源于路径遍历，可能导致具有网络访问权限的恶意行为者访问底层系统文件，进而操纵访问底层账户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Ubiquiti Inc	UniFi OS Server	0 ~ 5.0.8	-
Ubiquiti Inc	Express	0 ~ 4.0.14	-
Ubiquiti Inc	UDM	0 ~ 5.1.12	-
Ubiquiti Inc	UDM-Pro	0 ~ 5.1.12	-
Ubiquiti Inc	UDM-SE	0 ~ 5.1.12	-
Ubiquiti Inc	UDM-Pro-Max	0 ~ 5.1.12	-
Ubiquiti Inc	UDM-Beast	0 ~ 5.1.11	-
Ubiquiti Inc	EFG	0 ~ 5.1.12	-
Ubiquiti Inc	UDW	0 ~ 5.1.12	-
Ubiquiti Inc	UDR	0 ~ 5.1.12	-
Ubiquiti Inc	UDR7	0 ~ 5.1.12	-
Ubiquiti Inc	UDR-5G	0 ~ 5.1.12	-
Ubiquiti Inc	Express 7	0 ~ 5.1.12	-
Ubiquiti Inc	UNVR	0 ~ 5.1.12	-
Ubiquiti Inc	UNVR-Pro	0 ~ 5.1.12	-
Ubiquiti Inc	UNVR-Instant	0 ~ 5.1.12	-
Ubiquiti Inc	UNVR-G2	0 ~ 5.1.12	-
Ubiquiti Inc	UNVR-G2-Pro	0 ~ 5.1.12	-
Ubiquiti Inc	ENVR	0 ~ 5.1.12	-
Ubiquiti Inc	ENVR-Core	0 ~ 5.1.12	-
Ubiquiti Inc	UNAS-2	0 ~ 5.1.10	-
Ubiquiti Inc	UNAS-4	0 ~ 5.1.10	-
Ubiquiti Inc	UNAS-Pro	0 ~ 5.1.10	-
Ubiquiti Inc	UNAS-Pro-4	0 ~ 5.1.10	-
Ubiquiti Inc	UNAS-Pro-8	0 ~ 5.1.10	-
Ubiquiti Inc	UCKP	0 ~ 5.1.12	-
Ubiquiti Inc	UCK	0 ~ 5.1.12	-
Ubiquiti Inc	UCK-Enterprise	0 ~ 5.1.12	-
Ubiquiti Inc	UCG-Ultra	0 ~ 5.1.12	-
Ubiquiti Inc	UCG-Max	0 ~ 5.1.12	-
Ubiquiti Inc	UCG-Fiber	0 ~ 5.1.12	-
Ubiquiti Inc	UCG-Industrial	0 ~ 5.1.12	-

II. Public POCs for CVE-2026-34909

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-34909

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-34909 (1)

🔗 Security Advisory Bulletin 064 | Ubiquiti Community Read full article

https://nvd.nist.gov/vuln/detail/CVE-2026-34909

Same Patch Batch · Ubiquiti Inc · 2026-05-22 · 5 CVEs total

CVE-2026-34910	10.0 CRITICAL	Ubiquiti UniFi OS Server 安全漏洞
CVE-2026-34908	10.0 CRITICAL	Ubiquiti UniFi OS Server 安全漏洞
CVE-2026-33000	9.1 CRITICAL	Ubiquiti UniFi OS Server 安全漏洞
CVE-2026-34911	7.7 HIGH	Ubiquiti UniFi OS Server 安全漏洞

IV. Related Vulnerabilities

Same product: UniFi OS Server

Same vendor: Ubiquiti Inc

Same weakness: CWE-22

V. Comments for CVE-2026-34909

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-34909

Possible ATT&CK Techniques 1AI

Affected Version Matrix 32

I. Basic Information for CVE-2026-34909

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-34909

III. Intelligence Information for CVE-2026-34909

Vendor Advisories for CVE-2026-34909 (1)

Same Patch Batch · Ubiquiti Inc · 2026-05-22 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-34909

Leave a comment