CVE-2026-34908 - Vulnerability Details

- Improper Access Control Enables Unauthorized Configuration Changes on Ubiquiti UniFi OS Devices

Description

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Published: 2026-05-22

Score: 10 Critical

EPSS: 2.5% Low

KEV: Yes

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Ubiquiti Inc

UniFi OS Server

unaffected

Version	Status	Constraints
`0`	affected	< 5.0.8

Ubiquiti Inc

UDM

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-SE

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-Pro-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-Beast

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.11

Ubiquiti Inc

EFG

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDW

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDR7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDR-5G

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

Express 7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-Instant

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-G2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-G2-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

ENVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

ENVR-Core

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNAS-2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-Pro-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-Pro-8

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UCKP

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCK

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCK-Enterprise

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Ultra

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Fiber

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Industrial

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

No data.

Vendor Product Confidence Versions

Ubiquiti

Efg

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Envr

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Envr-core

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Express 7

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Ucg-fiber

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Ucg-industrial

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Ucg-max

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Ucg-ultra

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Uck

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Uck-enterprise

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Uckp

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udm

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udm-beast

100%

Version	Status	Scheme	Platform
`[0,5.1.11)`	affected	semver	—

Ubiquiti

Udm-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udm-pro-max

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udm-se

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udr

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udr-5g

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udr7

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Udw

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unas-2

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unas-4

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unas-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	semver	—

Ubiquiti

Unas-pro-4

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	semver	—

Ubiquiti

Unas-pro-8

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	semver	—

Ubiquiti

Unifi Os

100%

Version	Status	Scheme	Platform
`[0,5.0.8)`	affected	semver	—

Ubiquiti

Unvr

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unvr-g2

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unvr-g2-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unvr-instant

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Ubiquiti

Unvr-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since June 23, 2026.

The EPSS score is 0.02452.

Exploitation active

Automatable yes

Technical Impact total

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908
https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/

History

Wed, 24 Jun 2026 15:45:00 +0000

Type	Values Removed	Values Added
Title		Improper Access Control Enables Unauthorized Configuration Changes on Ubiquiti UniFi OS Devices

Wed, 24 Jun 2026 12:45:00 +0000

Type	Values Removed	Values Added
Title	Improper Access Control in UniFi OS Devices Allows Unauthorized Configuration Changes

Wed, 24 Jun 2026 08:45:00 +0000

Type	Values Removed	Values Added
Title		Improper Access Control in UniFi OS Devices Allows Unauthorized Configuration Changes

Wed, 24 Jun 2026 05:45:00 +0000

Type	Values Removed	Values Added
Title	Improper Access Control Allows Unauthorized Configuration Changes on UniFi OS Devices

Wed, 24 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Title		Improper Access Control Allows Unauthorized Configuration Changes on UniFi OS Devices

Tue, 23 Jun 2026 23:15:00 +0000

Type	Values Removed	Values Added
Title	Improper Access Control in UniFi OS Devices Enables Unauthorized Configuration Changes

Tue, 23 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908 https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 23 Jun 2026 18:00:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-06-23T00:00:00+00:00', 'dueDate': '2026-06-26T00:00:00+00:00'}`

Fri, 22 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 22 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express 7 Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro
Vendors & Products		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express 7 Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro

Fri, 22 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Title		Improper Access Control in UniFi OS Devices Enables Unauthorized Configuration Changes

Fri, 22 May 2026 01:30:00 +0000

Type	Values Removed	Values Added
Description		A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Weaknesses		CWE-284
References		https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Ubiquiti Efg Envr Envr-core Express 7 Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2026-05-22T00:43:49.077Z

Updated: 2026-06-24T03:55:50.177Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34908

Vulnrichment

Updated: 2026-05-22T12:51:08.130Z

NVD

Status : Deferred

Published: 2026-05-22T02:16:34.240

Modified: 2026-06-17T10:39:49.210

Link: CVE-2026-34908

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T15:30:17Z

Weaknesses

CWE-284

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object