Zero Day Monitor (ZDM)
CVE-2026-34908 · CVSS 10.0 · KEV · EXPLOITED · PATCHED
ubiquiti · unifi os

CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de

Description

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Affected Products

VendorProductVersions
ubiquitiunifi os0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5.0.6, 5.0.8, 5.1.10, 5.1.11, 5.1.12, 1.61.3, 4.0.14

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
ubiquiti | unifi | cert_advisory | 90%

References

  • https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

Related News (6 articles)

Tier B · CCCS Canada · 1d ago
Ubiquiti security advisory (AV26-589)
→ No new info (linked only)

Tier D · BleepingComputer · 4d ago
Critical UniFi OS bug lets hackers gain root without authentication
→ No new info (linked only)

Tier D · Heise Security · 17d ago
UniFi OS Server: Critical vulnerabilities enable attacks
→ No new info (linked only)

Tier B · CCCS Canada · 21d ago
Ubiquiti security advisory (AV26-498)
→ No new info (linked only)

Tier B · BSI Advisories · 22d ago
[NEW] [high] Ubiquiti UniFi OS Server: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 22d ago
CVE-2026-34908 | Ubiquiti UniFi OS Server prior 5.0.8 access control
→ No new info (linked only)

CVSS 3.1: 10.0 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: 5.1.12
CWE: CWE-284
Published: May 22, 2026
Last enriched: 1d ago (v5)
Tags: remote code execution, authentication bypass
Trending Score: 108 🔥
Source articles: 6
Independent: 5
Info Completeness: 11/14
Missing: epss, exploit, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-47370 · EXP
CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability
Trending: 57

HIGH · CVE-2026-48610 · EXP
CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control
Trending: 43

CRITICAL · CVE-2026-47369
CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability
Trending: 42

HIGH · CVE-2026-47368
CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices runni
Trending: 24

CRITICAL · CVE-2026-34910 · EXP · KEV
CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS
Trending: 11

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

May 22, 2026 · CVE Published
May 22, 2026 · Added to CISA KEV
May 22, 2026 · Discovered by ZDM
May 22, 2026 · Updated: affectedVersions, activelyExploited
May 22, 2026 · Updated: affectedVersions, patchAvailable
May 23, 2026 · Actively Exploited
May 23, 2026 · Patch Available
Jun 8, 2026 · Updated: affectedVersions, iocs, tags
Jun 11, 2026 · Updated: affectedVersions, patchAvailable

Version History

v5 · Last enriched 1d ago

v5 · Tier B · 1d ago
Updated affected versions to include 5.0.8 and newer versions, and changed the patch available to 5.1.12.
Updated: affectedVersions, patchAvailable
via CCCS Canada

v4 · Tier D · 4d ago
Updated description with detailed technical information, added affected version 5.0.6, marked exploit as available, and included new IoCs and tags.
Updated: affectedVersions, iocs, tags
via BleepingComputer

v3 · Tier B · 21d ago
Updated affected versions to include 5.0.6 and corrected patch available version to 5.0.6.
Updated: affectedVersions, patchAvailable
via CCCS Canada

v2 · Tier C · 22d ago
Updated affected versions with additional products and marked the vulnerability as actively exploited.
Updated: affectedVersions, activelyExploited
via VulDB

v1 · 22d ago
Initial creation