CVE-2026-34908
In short
An attacker on the network can bypass security controls in UniFi OS devices to make unauthorized changes to the system. This is a critical flaw because it allows complete compromise of the device without requiring special credentials.
Technical detail
CWE-284 (Improper Access Control) in UniFi OS allows attackers with access to the network to modify system configurations without proper authorization checks. The vulnerability requires network access but no authentication, enabling arbitrary system modifications with full impact on confidentiality, integrity, and availability.
Summary generated and translated by AI from the official description.
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Ubiquiti Inc · EFG
Ubiquiti Inc · ENVR
Ubiquiti Inc · ENVR-Core
Ubiquiti Inc · Express 7
Ubiquiti Inc · UCG-Fiber
Ubiquiti Inc · UCG-Industrial
Ubiquiti Inc · UCG-Max
Ubiquiti Inc · UCG-Ultra
Ubiquiti Inc · UCK
Ubiquiti Inc · UCK-Enterprise
Ubiquiti Inc · UCKP
Ubiquiti Inc · UDM
Ubiquiti Inc · UDM-Beast
Ubiquiti Inc · UDM-Pro
Ubiquiti Inc · UDM-Pro-Max
Ubiquiti Inc · UDM-SE
Ubiquiti Inc · UDR
Ubiquiti Inc · UDR-5G
Ubiquiti Inc · UDR7
Ubiquiti Inc · UDW
Ubiquiti Inc · UNAS-2
Ubiquiti Inc · UNAS-4
Ubiquiti Inc · UNAS-Pro
Ubiquiti Inc · UNAS-Pro-4
Ubiquiti Inc · UNAS-Pro-8
Ubiquiti Inc · UniFi OS Server
Ubiquiti Inc · UNVR
Ubiquiti Inc · UNVR-G2
Ubiquiti Inc · UNVR-G2-Pro
Ubiquiti Inc · UNVR-Instant
Ubiquiti Inc · UNVR-Pro
Public PoCs found — 1
GitHub: github.com/BishopFox/CVE-2026-34908-check (★ 60)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.