Description
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Published: 2026-05-22
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that an improper access control flaw in Ubiquiti UniFi OS devices allows an attacker who can reach the local network to change system settings without authorization. The vulnerability, classified as CWE‑284, may enable unauthorized modification of configuration, compromising device integrity, availability, and potentially exposing the broader network.

Affected Systems

All UniFi OS devices from Ubiquiti, including EFG, ENVR, ENVR‑Core, Express 7, UCG‑Fiber, UCG‑Industrial, UCG‑Max, UCG‑Ultra, UCK, UCK‑Enterprise, UCKP, UDM, UDM‑Beast, UDM‑Pro, UDM‑Pro‑Max, UDM‑SE, UDR, UDR‑5G, UDR7, UDW, UNAS‑2, UNAS‑4, UNAS‑Pro, UNAS‑Pro‑4, UNAS‑Pro‑8, UNVR, UNVR‑G2, UNVR‑G2‑Pro, UNVR‑Instant, UNVR‑Pro, and UniFi OS Server.

Risk and Exploitability

The flaw carries a CVSS score of 10, indicating maximum impact. Based on the description, it is inferred that an attacker with basic network access to any affected device can exploit the access control lapse without additional credentials. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, but the high severity and lack of prerequisite conditions suggest a substantial risk to any network hosting these devices.

Generated by OpenCVE AI on May 22, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all UniFi OS devices to the latest firmware or software builds released by Ubiquiti.
  • Limit management traffic to the UniFi OS controllers by placing them in a dedicated VLAN or applying firewall rules so only trusted hosts may communicate with them.
  • Enable logging of configuration changes and review logs regularly to detect unauthorized modifications.

Generated by OpenCVE AI on May 22, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro
Vendors & Products Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro

Fri, 22 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control in UniFi OS Devices Enables Unauthorized Configuration Changes

Fri, 22 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Ubiquiti Efg Envr Envr-core Express 7 Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-05-23T03:55:49.702Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34908

cve-icon Vulnrichment

Updated: 2026-05-22T12:51:08.130Z

cve-icon NVD

Status : Deferred

Published: 2026-05-22T02:16:34.240

Modified: 2026-05-22T16:22:31.900

Link: CVE-2026-34908

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T12:38:21Z

Weaknesses