CVE-2026-34911
published 2026-05-22CVE-2026-34911: A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the…
PriorityP346high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
0.68%
47.8th percentile
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Affected
62 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | envr | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | envr-core | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | express_7 | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-fiber | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-industrial | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-max | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-ultra | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | uck | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | uck-enterprise | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | uckp | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm-beast | < 5.1.11 | 5.1.11 |
| ubiquiti_inc | udm-pro | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm-pro-max | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm-se | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udr | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udr-5g | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udr7 | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udw | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | unas-2 | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-4 | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-pro | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-pro-4 | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-pro-8 | < 5.1.10 | 5.1.10 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
blogs_hackernews·2026-05-25
CVE-2026-46333 ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week.
A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times.
Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually looks real. Meanwhile, botnets are grabbing anything exposed to the internet like it's free candy. The Internet's still a dumpster fire.
Let’s get into
Bleepingcomputer
Ubiquiti patches three max severity UniFi OS vulnerabilities
blogs_bleepingcomputer·2026-05-22·CVSS 10.0
CVE-2026-34908 [CRITICAL] Ubiquiti patches three max severity UniFi OS vulnerabilities
## Ubiquiti patches three max severity UniFi OS vulnerabilities
## Sergiu Gatlan
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi Protect, UniFi Access, UniFi Talk, and UniFi Connect.
The first flaw ( CVE-2026-34908 ) enables attackers to make unauthorized changes to targeted systems by exploiting an Improper Access Control weakness in UniFi OS, while the second ( CVE-2026-34909 ) allows them to access files on the underlying system by abusing a Path Traversal vulner
2026-05-22
Published