CVE-2026-34911 - Vulnerability Details

- Path Traversal Vulnerability in UniFi OS Devices Allows Unauthorized File Access

Description

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

Published: 2026-05-22

Score: 7.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Ubiquiti Inc

UniFi OS Server

unaffected

Version	Status	Constraints
`0`	affected	< 5.0.8

Ubiquiti Inc

UDM

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-SE

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-Pro-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDM-Beast

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.11

Ubiquiti Inc

EFG

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDW

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDR7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UDR-5G

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

Express 7

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-Instant

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-G2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNVR-G2-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

ENVR

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

ENVR-Core

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UNAS-2

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-Pro

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-Pro-4

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UNAS-Pro-8

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.10

Ubiquiti Inc

UCKP

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCK

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCK-Enterprise

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Ultra

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Max

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Fiber

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

Ubiquiti Inc

UCG-Industrial

unaffected

Version	Status	Constraints
`0`	affected	< 5.1.12

No data.

Vendor Product Confidence Versions

Ubiquiti

Efg

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Envr

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Envr-core

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Express 7

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Ucg-fiber

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Ucg-industrial

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Ucg-max

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Ucg-ultra

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Uck

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Uck-enterprise

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Uckp

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udm

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udm-beast

100%

Version	Status	Scheme	Platform
`[0,5.1.11)`	affected	generic	—

Ubiquiti

Udm-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udm-pro-max

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udm-se

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udr

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udr-5g

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udr7

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Udw

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Unas-2

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	generic	—

Ubiquiti

Unas-4

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	generic	—

Ubiquiti

Unas-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	generic	—

Ubiquiti

Unas-pro-4

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	generic	—

Ubiquiti

Unas-pro-8

100%

Version	Status	Scheme	Platform
`[0,5.1.10)`	affected	generic	—

Ubiquiti

Unifi Os

100%

Version	Status	Scheme	Platform
`[0,5.0.8)`	affected	generic	—

Ubiquiti

Unvr

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Unvr-g2

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Unvr-g2-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Unvr-instant

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Ubiquiti

Unvr-pro

100%

Version	Status	Scheme	Platform
`[0,5.1.12)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0068.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

History

Fri, 22 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 May 2026 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express 7 Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro
Vendors & Products		Ubiquiti Ubiquiti efg Ubiquiti envr Ubiquiti envr-core Ubiquiti express 7 Ubiquiti ucg-fiber Ubiquiti ucg-industrial Ubiquiti ucg-max Ubiquiti ucg-ultra Ubiquiti uck Ubiquiti uck-enterprise Ubiquiti uckp Ubiquiti udm Ubiquiti udm-beast Ubiquiti udm-pro Ubiquiti udm-pro-max Ubiquiti udm-se Ubiquiti udr Ubiquiti udr-5g Ubiquiti udr7 Ubiquiti udw Ubiquiti unas-2 Ubiquiti unas-4 Ubiquiti unas-pro Ubiquiti unas-pro-4 Ubiquiti unas-pro-8 Ubiquiti unifi Os Ubiquiti unvr Ubiquiti unvr-g2 Ubiquiti unvr-g2-pro Ubiquiti unvr-instant Ubiquiti unvr-pro

Fri, 22 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Title		Path Traversal Vulnerability in UniFi OS Devices Allows Unauthorized File Access

Fri, 22 May 2026 01:30:00 +0000

Type	Values Removed	Values Added
Description		A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
Weaknesses		CWE-22
References		https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}`

Subscriptions

Ubiquiti Efg Envr Envr-core Express 7 Ucg-fiber Ucg-industrial Ucg-max Ucg-ultra Uck Uck-enterprise Uckp Udm Udm-beast Udm-pro Udm-pro-max Udm-se Udr Udr-5g Udr7 Udw Unas-2 Unas-4 Unas-pro Unas-pro-4 Unas-pro-8 Unifi Os Unvr Unvr-g2 Unvr-g2-pro Unvr-instant Unvr-pro

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2026-05-22T00:43:49.189Z

Updated: 2026-05-22T12:37:48.894Z

Reserved: 2026-03-31T15:00:06.521Z

Link: CVE-2026-34911

Vulnrichment

Updated: 2026-05-22T12:37:44.037Z

NVD

Status : Deferred

Published: 2026-05-22T02:16:34.667

Modified: 2026-06-17T10:39:49.597

Link: CVE-2026-34911

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T12:38:17Z

Weaknesses

CWE-22

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object