Description
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
Published: 2026-05-22
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A malicious actor with network access can exploit a path traversal flaw in UniFi OS devices to read, and potentially manipulate, files on the underlying host system. By doing so, the attacker can gain access to an underlying system account, exposing the device to full control and further exploitation. The weakness is a classic directory traversal (CWE-22) that bypasses the normal filesystem protections of the device.

Affected Systems

All Ubiquiti UniFi OS devices listed by the CNA – including UniFi routers, switches, access points, and the UniFi OS Server – are affected. No version information is provided, so any deployed device may be vulnerable until the vendor releases a fix.

Risk and Exploitability

The CVSS score of 10 marks this as a critical flaw. However, the EPSS score is unavailable, so the current probability of exploitation is uncertain, although the absence of a KEV listing suggests that no public exploits have been discovered. The attack is likely carried out from a host on the same network or directly connected to the device, requires no authentication, and can be triggered by requests to the device's management interface.

Generated by OpenCVE AI on May 22, 2026 at 02:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or OS update released by Ubiquiti that addresses the path traversal flaw
  • Restrict network access to UniFi OS management interfaces, using firewalls or VLAN segmentation to limit exposure to trusted internal networks
  • Disable or remove any file management features that expose the host filesystem to the device’s web interface
  • Monitor system logs for attempted path traversal or anomalous file access patterns

Advisories

No advisories yet.

History

Fri, 22 May 2026 18:15:00 +0000

Type: Metrics
Values Removed: none
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 May 2026 13:15:00 +0000

Type: First Time appeared
Values Removed: none
Values Added:
  Ubiquiti
  Ubiquiti efg
  Ubiquiti envr
  Ubiquiti envr-core
  Ubiquiti express 7
  Ubiquiti ucg-fiber
  Ubiquiti ucg-industrial
  Ubiquiti ucg-max
  Ubiquiti ucg-ultra
  Ubiquiti uck
  Ubiquiti uck-enterprise
  Ubiquiti uckp
  Ubiquiti udm
  Ubiquiti udm-beast
  Ubiquiti udm-pro
  Ubiquiti udm-pro-max
  Ubiquiti udm-se
  Ubiquiti udr
  Ubiquiti udr-5g
  Ubiquiti udr7
  Ubiquiti udw
  Ubiquiti unas-2
  Ubiquiti unas-4
  Ubiquiti unas-pro
  Ubiquiti unas-pro-4
  Ubiquiti unas-pro-8
  Ubiquiti unifi Os
  Ubiquiti unvr
  Ubiquiti unvr-g2
  Ubiquiti unvr-g2-pro
  Ubiquiti unvr-instant
  Ubiquiti unvr-pro

Type: Vendors & Products
Values Removed: none
Values Added:
  Ubiquiti
  Ubiquiti efg
  Ubiquiti envr
  Ubiquiti envr-core
  Ubiquiti express 7
  Ubiquiti ucg-fiber
  Ubiquiti ucg-industrial
  Ubiquiti ucg-max
  Ubiquiti ucg-ultra
  Ubiquiti uck
  Ubiquiti uck-enterprise
  Ubiquiti uckp
  Ubiquiti udm
  Ubiquiti udm-beast
  Ubiquiti udm-pro
  Ubiquiti udm-pro-max
  Ubiquiti udm-se
  Ubiquiti udr
  Ubiquiti udr-5g
  Ubiquiti udr7
  Ubiquiti udw
  Ubiquiti unas-2
  Ubiquiti unas-4
  Ubiquiti unas-pro
  Ubiquiti unas-pro-4
  Ubiquiti unas-pro-8
  Ubiquiti unifi Os
  Ubiquiti unvr
  Ubiquiti unvr-g2
  Ubiquiti unvr-g2-pro
  Ubiquiti unvr-instant
  Ubiquiti unvr-pro

Fri, 22 May 2026 03:15:00 +0000

Type: Title
Values Removed: none
Values Added: Path Traversal Vulnerability in UniFi OS Devices Allows Unauthorized System Access

Fri, 22 May 2026 01:30:00 +0000

Type: Description
Values Removed: none
Values Added: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Type: Weaknesses
Values Removed: none
Values Added: CWE-22

Type: References
Values Removed: none
Values Added: none

Type: Metrics
Values Removed: none
Values Added: cvssV3_1
{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-05-22T20:19:51.649Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34909

Vulnrichment

Updated: 2026-05-22T17:27:36.870Z

NVD

Status: Received

Published: 2026-05-22T02:16:34.390

Modified: 2026-05-22T02:16:34.390

Link: CVE-2026-34909

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T12:38:22Z

Weaknesses