CVE-2026-34910KEVEXPLOITEDPATCHED

ubiquiti · unifi os

CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS

Description

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Affected Products

Vendor	Product	Versions
ubiquiti	unifi os	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ubiquiti	unifi	cert_advisory	90%

References

Related News (3 articles)

Tier D

Heise Security17d ago

UniFi OS Server: Kritische Sicherheitslücken ermöglichen Angriffe

→ No new info (linked only)

Tier B

BSI Advisories22d ago

[NEU] [hoch] Ubiquiti UniFi OS Server: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB22d ago

CVE-2026-34910 | Ubiquiti UniFi OS Server up to 5.0.7 input validation

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

5.0.85.1.125.1.115.1.10

CWECWE-20

PublishedMay 22, 2026

Last enriched22d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-34908EXPKEV

CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS de

Trending: 106

CRITICALCVE-2026-47370EXP

CVE-2026-47370: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 56

HIGHCVE-2026-48610EXP

CVE-2026-48610: Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control

Trending: 43

CRITICALCVE-2026-47369

CVE-2026-47369: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability

Trending: 41

HIGHCVE-2026-47368

CVE-2026-47368: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices runni

Trending: 24

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 22, 2026

Added to CISA KEV

May 22, 2026

Discovered by ZDM

May 22, 2026

Updated: affectedVersions, severity, activelyExploited, tags

May 22, 2026

Actively Exploited

May 23, 2026

Exploit Available

May 23, 2026

Patch Available

May 23, 2026

Version History

Last enriched 22d ago

v2Tier C22d ago

Updated affected versions to include 5.0.7, changed severity to HIGH, and noted that the vulnerability is actively exploited.

affectedVersionsseverityactivelyExploitedtags

via VulDB

v122d ago

Initial creation