CRITICALCVE-2026-34909Published Modified CNA hackerone
CVE-2026-34909: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
Metrics
- CVSS v3.1
- 10.0
- Severity
- CRITICAL
- Fixed in
- 4.0.14
- Affected Products
- 32
Fix available
4.0.145.0.85.1.105.1.115.1.12
Affected packages
- Ubiquiti Inc / UniFi OS Server< 5.0.8 (from 0)
- Ubiquiti Inc / Express< 4.0.14 (from 0)
- Ubiquiti Inc / UDM< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-SE< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Pro-Max< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Beast< 5.1.11 (from 0)
- Ubiquiti Inc / EFG< 5.1.12 (from 0)
- Ubiquiti Inc / UDW< 5.1.12 (from 0)
- Ubiquiti Inc / UDR< 5.1.12 (from 0)
- Ubiquiti Inc / UDR7< 5.1.12 (from 0)
- Ubiquiti Inc / UDR-5G< 5.1.12 (from 0)
- Ubiquiti Inc / Express 7< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-Instant< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-G2< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-G2-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / ENVR< 5.1.12 (from 0)
- Ubiquiti Inc / ENVR-Core< 5.1.12 (from 0)
- Ubiquiti Inc / UNAS-2< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-4< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro-4< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro-8< 5.1.10 (from 0)
- Ubiquiti Inc / UCKP< 5.1.12 (from 0)
- Ubiquiti Inc / UCK< 5.1.12 (from 0)
- Ubiquiti Inc / UCK-Enterprise< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Ultra< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Max< 5.1.12 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HReferences