Description
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Published: 2026-05-22
Score: 7.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The advisory describes a path traversal weakness (CWE-22) in UniFi OS: an attacker who can reach the device over the network and holds a low-privileged account can supply a crafted file path and read files from the underlying operating system that the application was never meant to serve. The advisory does not say which files are reachable; on a network appliance the concern is configuration, credential and log material, and the CVSS vector accordingly rates the confidentiality impact High (C:H) with no integrity or availability impact.
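
The mechanism behind CWE-22, shown as an added example that is not part of OpenCVE's analysis and not Ubiquiti's code: a file-serving handler that concatenates a client-supplied path onto a root directory, beside a hardened version that decodes once, normalises, and then checks that the result is still inside the root. The web root, the function names and the probe strings are constructed for illustration; the page does not identify the affected UniFi OS endpoint or parameter, and nothing below is specific to it.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed setting for the example: the directory a file-serving handler
# is meant to stay inside. This illustrates CWE-22 in general and is not the
# layout of any UniFi OS component (assumption for the example only).
WEB_ROOT = "/srv/www"


def vulnerable_resolve(user_path: str) -> str:
    """The CWE-22 pattern: the client-supplied path is glued onto the root
    with no normalisation and no containment check, so '../' segments walk
    out of WEB_ROOT and select files elsewhere on the filesystem."""
    return WEB_ROOT + "/" + user_path


def is_contained(root: str, candidate: str) -> bool:
    """True if candidate is root itself or a path strictly below it.
    The trailing separator stops '/srv/www-old' from matching '/srv/www'."""
    return candidate == root or candidate.startswith(root + "/")


def traversal_escapes(user_path: str) -> bool:
    """What the vulnerable handler would really open once the kernel
    collapses '..': True if that file lies outside WEB_ROOT."""
    opened = posixpath.normpath(vulnerable_resolve(user_path))
    return not is_contained(WEB_ROOT, opened)


def hardened_resolve(user_path: str) -> Optional[str]:
    """Decode exactly once, normalise lexically, then refuse anything that
    has left WEB_ROOT. Returns None for every rejected request."""
    decoded = unquote(user_path)          # %2e%2e%2f -> ../  (decode once only)
    if "\x00" in decoded:                 # NUL truncates paths in C-based layers
        return None
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator too
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    # join() discards WEB_ROOT when the client sends an absolute path, and
    # normpath() collapses '..'; the containment check catches both cases.
    # On a live filesystem, apply os.path.realpath() here as well so that a
    # symlink inside the root cannot point back out of it.
    if not is_contained(WEB_ROOT, candidate):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed probes: classic, percent-encoded, backslash, absolute,
    # NUL-injected, double-encoded, and two legitimate requests.
    for probe in ["../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
                  "..%5c..%5cetc/passwd", "/etc/passwd", "img\x00.png",
                  "%252e%252e/etc/passwd", "css/../index.html",
                  "assets/logo.png"]:
        print(f"{probe!r:32} vulnerable escapes={traversal_escapes(probe)!s:5} "
              f"hardened -> {hardened_resolve(probe)}")
```

Decode at the layer that receives the raw request path and nowhere else: decoding a path the web framework has already decoded reintroduces the double-encoding bypass (%252e%252e), which the hardened version above deliberately leaves as a literal directory name that does not exist under the root.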

Affected Systems

Affected devices include a wide range of Ubiquiti UniFi OS products such as EFG, ENVR, ENVR‑Core, Express 7, UCG‑Fiber, UCG‑Industrial, UCG‑Max, UCG‑Ultra, UCK, UCK‑Enterprise, UCKP, UDM, UDM‑Beast, UDM‑Pro, UDM‑Pro‑Max, UDM‑SE, UDR, UDR‑5G, UDR7, UDW, UNAS‑2, UNAS‑4, UNAS‑Pro, UNAS‑Pro‑4, UNAS‑Pro‑8, UNVR, UNVR‑G2, UNVR‑G2‑Pro, UNVR‑Instant, UNVR‑Pro, and UniFi OS Server. The advisory does not list specific affected or fixed firmware versions.

Risk and Exploitability

The CVSS 3.1 base score of 7.7 (High) follows from the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N: network-reachable, low attack complexity, low privileges required, no user interaction, changed scope, and high confidentiality impact with no integrity or availability impact. No EPSS score is available yet, and the CVE is not in the CISA KEV catalog. The description does not say which service or parameter is affected; the practical exposure is any network path from which a low-privileged user can reach the device's management interface, including site-to-site and remote-access tunnels. No public exploit is noted, but a file-read primitive against an appliance's filesystem typically yields configuration and credential material, so remediation should not wait for one to appear.

Generated by OpenCVE AI on May 22, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update from Ubiquiti that carries the path‑traversal fix as soon as it is published; the advisory currently lists no fixed version.
  • Restrict the device’s management interface to a trusted management network or VPN and block every other route to it with firewall rules; the vector is AV:N, so any network path that reaches the interface is in scope.
  • Audit the accounts that can log in to UniFi OS and disable any that are unused or over‑provisioned; the vector requires only low privileges (PR:L), so every low‑privileged account is a potential foothold.
  • Segment UniFi OS devices away from less‑trusted networks so that a compromised workstation cannot reach them and a compromised device cannot be used for lateral movement.

Advisories

No advisories yet.

History

Fri, 22 May 2026 03:45:00 +0000

Title (added): Path Traversal Vulnerability in UniFi OS Devices Allows Unauthorized File Access

Fri, 22 May 2026 01:30:00 +0000

Description (added): A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Weaknesses (added): CWE-22
References (added): none listed
Metrics (added): cvssV3_1, score 7.7, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-05-22T00:43:49.189Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34911

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-22T02:16:34.667

Modified: 2026-05-22T02:16:34.667

Link: CVE-2026-34911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T03:30:25Z

Weaknesses