Ubiquiti Inc Efg vulnerabilities
9 known vulnerabilities affecting ubiquiti_inc/efg.
Total CVEs
9
CISA KEV
3
actively exploited
Public exploits
1
Exploited in wild
3
Severity breakdown
CRITICAL5HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-34910P1CRITICALCVSS 10.0KEVPoCfixed in 5.1.122026-05-22
CVE-2026-34910 [CRITICAL] CWE-20 CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerabilit
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
nvd
CVE-2026-34909P1CRITICALCVSS 10.0KEVfixed in 5.1.122026-05-22
CVE-2026-34909 [CRITICAL] CWE-22 CVE-2026-34909: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in U
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
nvd
CVE-2026-34908P1CRITICALCVSS 10.0KEVfixed in 5.1.122026-05-22
CVE-2026-34908 [CRITICAL] CWE-284 CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
nvd
CVE-2026-47370P2CRITICALCVSS 9.9fixed in 5.1.152026-06-12
CVE-2026-47370 [CRITICAL] CWE-20 CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Vali
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
nvd
CVE-2026-47369P2CRITICALCVSS 9.9fixed in 5.1.152026-06-12
CVE-2026-47369 [CRITICAL] CWE-20 CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Vali
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
nvd
CVE-2026-47368P3HIGHCVSS 8.6fixed in 5.1.152026-06-12
CVE-2026-47368 [HIGH] CWE-22 CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in c
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
nvd
CVE-2026-48610P3HIGHCVSS 8.1fixed in 5.1.152026-06-12
CVE-2026-48610 [HIGH] CWE-284 CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Impr
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
nvd
CVE-2026-34911P3HIGHCVSS 7.7fixed in 5.1.122026-05-22
CVE-2026-34911 [HIGH] CWE-22 CVE-2026-34911: A malicious actor with access to the network and low privileges could exploit a Path Traversal vulne
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
nvd
CVE-2025-23091P4MEDIUMCVSS 5.9≥ 4.1.13, < 4.1.132025-02-01
CVE-2025-23091 [MEDIUM] CWE-295 CVE-2025-23091: An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could a
An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.
nvd