HIGHCVE-2026-34911Published Modified CNA hackerone
CVE-2026-34911: A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Metrics
- CVSS v3.1
- 7.7
- Severity
- HIGH
- Fixed in
- 5.0.8
- Affected Products
- 31
Fix available
5.0.85.1.105.1.115.1.12
Affected packages
- Ubiquiti Inc / UniFi OS Server< 5.0.8 (from 0)
- Ubiquiti Inc / UDM< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-SE< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Pro-Max< 5.1.12 (from 0)
- Ubiquiti Inc / UDM-Beast< 5.1.11 (from 0)
- Ubiquiti Inc / EFG< 5.1.12 (from 0)
- Ubiquiti Inc / UDW< 5.1.12 (from 0)
- Ubiquiti Inc / UDR< 5.1.12 (from 0)
- Ubiquiti Inc / UDR7< 5.1.12 (from 0)
- Ubiquiti Inc / UDR-5G< 5.1.12 (from 0)
- Ubiquiti Inc / Express 7< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-Instant< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-G2< 5.1.12 (from 0)
- Ubiquiti Inc / UNVR-G2-Pro< 5.1.12 (from 0)
- Ubiquiti Inc / ENVR< 5.1.12 (from 0)
- Ubiquiti Inc / ENVR-Core< 5.1.12 (from 0)
- Ubiquiti Inc / UNAS-2< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-4< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro-4< 5.1.10 (from 0)
- Ubiquiti Inc / UNAS-Pro-8< 5.1.10 (from 0)
- Ubiquiti Inc / UCKP< 5.1.12 (from 0)
- Ubiquiti Inc / UCK< 5.1.12 (from 0)
- Ubiquiti Inc / UCK-Enterprise< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Ultra< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Max< 5.1.12 (from 0)
- Ubiquiti Inc / UCG-Fiber< 5.1.12 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NReferences