Description
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
Published: 2026-07-02
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Path Traversal flaw (CWE-22) that allows an attacker with network access to bypass authentication on affected UniFi OS devices. By supplying a crafted file path, the attacker can access the device’s management interface without valid credentials.

Affected Systems

Affected systems include Ubiquiti UniFi OS products such as Cloud Gateways, Cloud Keys, Dream Machines, Dream Routers, Dream Wall, Enterprise Firewall Core, Enterprise Fortress Gateway, Enterprise Video Recorders, Express 7, Network Attached Storage, Network Video Recorders, and the UniFi OS Server. No specific version numbers are listed in the advisory.

Risk and Exploitability

The CVSS base score of 8.6 indicates high severity. The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog. The flaw requires network access to the UniFi OS device; an attacker able to reach the device on the network can exploit the path traversal to bypass authentication and potentially gain unauthorized control over the device configuration and network traffic. Prompt remediation is advised given the high impact indicated by the CVSS score.

Generated by OpenCVE AI on July 3, 2026 at 18:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by Ubiquiti for UniFi OS devices that resolves the path traversal issue.
  • Restrict network access to the UniFi OS devices by configuring firewalls or VLAN segmentation so that only trusted administrative users can reach the management interface.
  • Monitor device logs for unauthorized authentication attempts and block any suspect IP addresses when such activity is detected.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 18:30:00 +0000

Title: Path Traversal Enables Authentication Bypass on Ubiquiti Unifi OS Devices

Fri, 03 Jul 2026 13:30:00 +0000

Title: UniFi OS Path Traversal Authentication Bypass Vulnerability

Fri, 03 Jul 2026 06:30:00 +0000

Title: UniFi OS Path Traversal Authentication Bypass Vulnerability

Thu, 02 Jul 2026 16:30:00 +0000

Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Jul 2026 15:15:00 +0000

Description: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
Weaknesses: CWE-22
References:
Metrics (cvssV3_1): {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-07-02T16:09:42.714Z

Reserved: 2026-06-13T15:00:00.604Z

Link: CVE-2026-54403

Vulnrichment

Updated: 2026-07-02T16:09:39.664Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-03T18:15:15Z

Weaknesses
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')