Description
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Published: 2026-05-22
Score: 10 Critical
EPSS: 2.5% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper access control flaw (CWE-284) in UniFi OS devices allows an attacker who can reach the devices over the network to change system configuration. The vulnerability enables modification of device settings that govern network operation, thereby compromising the integrity of the device configuration and potentially affecting the network services it supports.

Affected Systems

All UniFi OS devices listed by the CNA, including EFG, ENVR, ENVR‑Core, Express 7, UCG‑Fiber, UCG‑Industrial, UCG‑Max, UCG‑Ultra, UCK, UCK‑Enterprise, UCKP, UDM, UDM‑Beast, UDM‑Pro, UDM‑Pro‑Max, UDM‑SE, UDR, UDR‑5G, UDR7, UDW, UNAS‑2, UNAS‑4, UNAS‑Pro, UNAS‑Pro‑4, UNAS‑Pro‑8, UNVR, UNVR‑G2, UNVR‑G2‑Pro, UNVR‑Instant, UNVR‑Pro, and UniFi OS Server. No specific firmware or software version information is provided, so every deployment of these devices should be treated as vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 10, indicating the highest severity. The EPSS score is 2%, yet the issue is listed in the CISA KEV catalog, indicating that exploit code or active attacks are known. Attackers only need network access to the affected devices; no additional credentials or privileged access are required.

Generated by OpenCVE AI on June 24, 2026 at 15:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or software releases from Ubiquiti that address the access control issue.
  • Limit network exposure by placing UniFi OS controllers and devices on dedicated VLANs or enforcing strict firewall rules so that only trusted management clients can reach them.
  • Enable and regularly review configuration change logs on the UniFi OS controller to detect any unauthorized modifications.

Generated by OpenCVE AI on June 24, 2026 at 15:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control Enables Unauthorized Configuration Changes on Ubiquiti UniFi OS Devices

Wed, 24 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control in UniFi OS Devices Allows Unauthorized Configuration Changes

Wed, 24 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control in UniFi OS Devices Allows Unauthorized Configuration Changes

Wed, 24 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control Allows Unauthorized Configuration Changes on UniFi OS Devices

Wed, 24 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Improper Access Control Allows Unauthorized Configuration Changes on UniFi OS Devices

Tue, 23 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control in UniFi OS Devices Enables Unauthorized Configuration Changes

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-23T00:00:00+00:00', 'dueDate': '2026-06-26T00:00:00+00:00'}


Fri, 22 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 May 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro
Vendors & Products Ubiquiti
Ubiquiti efg
Ubiquiti envr
Ubiquiti envr-core
Ubiquiti express 7
Ubiquiti ucg-fiber
Ubiquiti ucg-industrial
Ubiquiti ucg-max
Ubiquiti ucg-ultra
Ubiquiti uck
Ubiquiti uck-enterprise
Ubiquiti uckp
Ubiquiti udm
Ubiquiti udm-beast
Ubiquiti udm-pro
Ubiquiti udm-pro-max
Ubiquiti udm-se
Ubiquiti udr
Ubiquiti udr-5g
Ubiquiti udr7
Ubiquiti udw
Ubiquiti unas-2
Ubiquiti unas-4
Ubiquiti unas-pro
Ubiquiti unas-pro-4
Ubiquiti unas-pro-8
Ubiquiti unifi Os
Ubiquiti unvr
Ubiquiti unvr-g2
Ubiquiti unvr-g2-pro
Ubiquiti unvr-instant
Ubiquiti unvr-pro

Fri, 22 May 2026 03:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control in UniFi OS Devices Enables Unauthorized Configuration Changes

Fri, 22 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Ubiquiti Efg Envr Envr-core Express 7 Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-06-24T03:55:50.177Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34908

cve-icon Vulnrichment

Updated: 2026-05-22T12:51:08.130Z

cve-icon NVD

Status : Deferred

Published: 2026-05-22T02:16:34.240

Modified: 2026-06-17T10:39:49.210

Link: CVE-2026-34908

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T15:30:17Z

Weaknesses