CRITICALCVE-2026-34908Published Modified CNA hackerone
CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Metrics
- CVSS v3.1
- 10.0
- Severity
- CRITICAL
- Fixed in
- 5.0.8
- Affected Products
- 31
Fix available
5.0.85.1.105.1.115.1.12
Affected packages
- Ubiquiti Inc / UniFi OS Server< 5.0.8 (from 0)
- Ubiquiti Inc / UDM< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-SE< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Pro-Max< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Beast< 5.1.11 (from 0)
- Ubiquiti Inc / EFG< 5.1.12 (from 0)
- Ubiquiti Inc / UDW< 5.1.12 (from 0)
- Ubiquiti Inc / UDR< 5.1.12 (from 0)
- Ubiquiti Inc / UDR7< 5.1.12 (from 0)
- Ubiquiti Inc / UDR-5G< 5.1.12 (from 0)
- Ubiquiti Inc / Express 7< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-Instant< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-G2< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-G2-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / ENVR< 5.1.12 (from 0)
- Ubiquiti Inc / ENVR-Core< 5.1.12 (from 0)
- Ubiquiti Inc / UNAS-2< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-4< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro-4< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro-8< 5.1.10 (from 0)
- Ubiquiti Inc / UCKP< 5.1.12 (from 0)
- Ubiquiti Inc / UCK< 5.1.12 (from 0)
- Ubiquiti Inc / UCK-Enterprise< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Ultra< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Max< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Fiber< 5.1.12 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HReferences