CVE Stalker: CVE-2026-34909

CVE Details

CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability

Published: 2026-06-23 CVSS: 10 CRITICAL Product: Ubiquiti UniFi OS Due Date: 2026-06-26

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

BoredHackerBlog/unifi_5.0.6_exploitation • ⭐ 0 • 2026-06-14 • Conf: 90.0%
unifi os 5.0.6 pass traversal to admin & code exec scripts

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

Score: 10
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: active
Automatable: yes
Technical Impact: total

References

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

Show Raw Data

Key	Remaining Key	Value
dataType		CVE_RECORD
dataVersion		5.2
cveMetadata >	cveId	CVE-2026-34909
cveMetadata >	assignerOrgId	36234546-b8fa-4601-9d6f-f4e334aa8ea1
cveMetadata >	state	PUBLISHED
cveMetadata >	assignerShortName	hackerone
cveMetadata >	dateReserved	2026-03-31T15:00:06.521Z
cveMetadata >	datePublished	2026-05-22T00:43:49.072Z
cveMetadata >	dateUpdated	2026-06-23T17:52:03.583Z
containers >	cna > descriptions > 0 > lang	en
containers >	cna > descriptions > 0 > value	A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
containers >	cna > affected > 0 > defaultStatus	unaffected
containers >	cna > affected > 0 > vendor	Ubiquiti Inc
containers >	cna > affected > 0 > product	UniFi OS Server
containers >	cna > affected > 0 > versions > 0 > version	0
containers >	cna > affected > 0 > versions > 0 > status	affected
containers >	cna > affected > 0 > versions > 0 > lessThan	5.0.8
containers >	cna > affected > 0 > versions > 0 > versionType	semver
containers >	cna > affected > 1 > defaultStatus	unaffected
containers >	cna > affected > 1 > vendor	Ubiquiti Inc
containers >	cna > affected > 1 > product	Express
containers >	cna > affected > 1 > versions > 0 > version	0
containers >	cna > affected > 1 > versions > 0 > status	affected
containers >	cna > affected > 1 > versions > 0 > lessThan	4.0.14
containers >	cna > affected > 1 > versions > 0 > versionType	semver
containers >	cna > affected > 2 > defaultStatus	unaffected
containers >	cna > affected > 2 > vendor	Ubiquiti Inc
containers >	cna > affected > 2 > product	UDM
containers >	cna > affected > 2 > versions > 0 > version	0
containers >	cna > affected > 2 > versions > 0 > status	affected
containers >	cna > affected > 2 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 2 > versions > 0 > versionType	semver
containers >	cna > affected > 3 > defaultStatus	unaffected
containers >	cna > affected > 3 > vendor	Ubiquiti Inc
containers >	cna > affected > 3 > product	UDM-Pro
containers >	cna > affected > 3 > versions > 0 > version	0
containers >	cna > affected > 3 > versions > 0 > status	affected
containers >	cna > affected > 3 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 3 > versions > 0 > versionType	semver
containers >	cna > affected > 4 > defaultStatus	unaffected
containers >	cna > affected > 4 > vendor	Ubiquiti Inc
containers >	cna > affected > 4 > product	UDM-SE
containers >	cna > affected > 4 > versions > 0 > version	0
containers >	cna > affected > 4 > versions > 0 > status	affected
containers >	cna > affected > 4 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 4 > versions > 0 > versionType	semver
containers >	cna > affected > 5 > defaultStatus	unaffected
containers >	cna > affected > 5 > vendor	Ubiquiti Inc
containers >	cna > affected > 5 > product	UDM-Pro-Max
containers >	cna > affected > 5 > versions > 0 > version	0
containers >	cna > affected > 5 > versions > 0 > status	affected
containers >	cna > affected > 5 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 5 > versions > 0 > versionType	semver
containers >	cna > affected > 6 > defaultStatus	unaffected
containers >	cna > affected > 6 > vendor	Ubiquiti Inc
containers >	cna > affected > 6 > product	UDM-Beast
containers >	cna > affected > 6 > versions > 0 > version	0
containers >	cna > affected > 6 > versions > 0 > status	affected
containers >	cna > affected > 6 > versions > 0 > lessThan	5.1.11
containers >	cna > affected > 6 > versions > 0 > versionType	semver
containers >	cna > affected > 7 > defaultStatus	unaffected
containers >	cna > affected > 7 > vendor	Ubiquiti Inc
containers >	cna > affected > 7 > product	EFG
containers >	cna > affected > 7 > versions > 0 > version	0
containers >	cna > affected > 7 > versions > 0 > status	affected
containers >	cna > affected > 7 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 7 > versions > 0 > versionType	semver
containers >	cna > affected > 8 > defaultStatus	unaffected
containers >	cna > affected > 8 > vendor	Ubiquiti Inc
containers >	cna > affected > 8 > product	UDW
containers >	cna > affected > 8 > versions > 0 > version	0
containers >	cna > affected > 8 > versions > 0 > status	affected
containers >	cna > affected > 8 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 8 > versions > 0 > versionType	semver
containers >	cna > affected > 9 > defaultStatus	unaffected
containers >	cna > affected > 9 > vendor	Ubiquiti Inc
containers >	cna > affected > 9 > product	UDR
containers >	cna > affected > 9 > versions > 0 > version	0
containers >	cna > affected > 9 > versions > 0 > status	affected
containers >	cna > affected > 9 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 9 > versions > 0 > versionType	semver
containers >	cna > affected > 10 > defaultStatus	unaffected
containers >	cna > affected > 10 > vendor	Ubiquiti Inc
containers >	cna > affected > 10 > product	UDR7
containers >	cna > affected > 10 > versions > 0 > version	0
containers >	cna > affected > 10 > versions > 0 > status	affected
containers >	cna > affected > 10 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 10 > versions > 0 > versionType	semver
containers >	cna > affected > 11 > defaultStatus	unaffected
containers >	cna > affected > 11 > vendor	Ubiquiti Inc
containers >	cna > affected > 11 > product	UDR-5G
containers >	cna > affected > 11 > versions > 0 > version	0
containers >	cna > affected > 11 > versions > 0 > status	affected
containers >	cna > affected > 11 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 11 > versions > 0 > versionType	semver
containers >	cna > affected > 12 > defaultStatus	unaffected
containers >	cna > affected > 12 > vendor	Ubiquiti Inc
containers >	cna > affected > 12 > product	Express 7
containers >	cna > affected > 12 > versions > 0 > version	0
containers >	cna > affected > 12 > versions > 0 > status	affected
containers >	cna > affected > 12 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 12 > versions > 0 > versionType	semver
containers >	cna > affected > 13 > defaultStatus	unaffected
containers >	cna > affected > 13 > vendor	Ubiquiti Inc
containers >	cna > affected > 13 > product	UNVR
containers >	cna > affected > 13 > versions > 0 > version	0
containers >	cna > affected > 13 > versions > 0 > status	affected
containers >	cna > affected > 13 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 13 > versions > 0 > versionType	semver
containers >	cna > affected > 14 > defaultStatus	unaffected
containers >	cna > affected > 14 > vendor	Ubiquiti Inc
containers >	cna > affected > 14 > product	UNVR-Pro
containers >	cna > affected > 14 > versions > 0 > version	0
containers >	cna > affected > 14 > versions > 0 > status	affected
containers >	cna > affected > 14 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 14 > versions > 0 > versionType	semver
containers >	cna > affected > 15 > defaultStatus	unaffected
containers >	cna > affected > 15 > vendor	Ubiquiti Inc
containers >	cna > affected > 15 > product	UNVR-Instant
containers >	cna > affected > 15 > versions > 0 > version	0
containers >	cna > affected > 15 > versions > 0 > status	affected
containers >	cna > affected > 15 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 15 > versions > 0 > versionType	semver
containers >	cna > affected > 16 > defaultStatus	unaffected
containers >	cna > affected > 16 > vendor	Ubiquiti Inc
containers >	cna > affected > 16 > product	UNVR-G2
containers >	cna > affected > 16 > versions > 0 > version	0
containers >	cna > affected > 16 > versions > 0 > status	affected
containers >	cna > affected > 16 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 16 > versions > 0 > versionType	semver
containers >	cna > affected > 17 > defaultStatus	unaffected
containers >	cna > affected > 17 > vendor	Ubiquiti Inc
containers >	cna > affected > 17 > product	UNVR-G2-Pro
containers >	cna > affected > 17 > versions > 0 > version	0
containers >	cna > affected > 17 > versions > 0 > status	affected
containers >	cna > affected > 17 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 17 > versions > 0 > versionType	semver
containers >	cna > affected > 18 > defaultStatus	unaffected
containers >	cna > affected > 18 > vendor	Ubiquiti Inc
containers >	cna > affected > 18 > product	ENVR
containers >	cna > affected > 18 > versions > 0 > version	0
containers >	cna > affected > 18 > versions > 0 > status	affected
containers >	cna > affected > 18 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 18 > versions > 0 > versionType	semver
containers >	cna > affected > 19 > defaultStatus	unaffected
containers >	cna > affected > 19 > vendor	Ubiquiti Inc
containers >	cna > affected > 19 > product	ENVR-Core
containers >	cna > affected > 19 > versions > 0 > version	0
containers >	cna > affected > 19 > versions > 0 > status	affected
containers >	cna > affected > 19 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 19 > versions > 0 > versionType	semver
containers >	cna > affected > 20 > defaultStatus	unaffected
containers >	cna > affected > 20 > vendor	Ubiquiti Inc
containers >	cna > affected > 20 > product	UNAS-2
containers >	cna > affected > 20 > versions > 0 > version	0
containers >	cna > affected > 20 > versions > 0 > status	affected
containers >	cna > affected > 20 > versions > 0 > lessThan	5.1.10
containers >	cna > affected > 20 > versions > 0 > versionType	semver
containers >	cna > affected > 21 > defaultStatus	unaffected
containers >	cna > affected > 21 > vendor	Ubiquiti Inc
containers >	cna > affected > 21 > product	UNAS-4
containers >	cna > affected > 21 > versions > 0 > version	0
containers >	cna > affected > 21 > versions > 0 > status	affected
containers >	cna > affected > 21 > versions > 0 > lessThan	5.1.10
containers >	cna > affected > 21 > versions > 0 > versionType	semver
containers >	cna > affected > 22 > defaultStatus	unaffected
containers >	cna > affected > 22 > vendor	Ubiquiti Inc
containers >	cna > affected > 22 > product	UNAS-Pro
containers >	cna > affected > 22 > versions > 0 > version	0
containers >	cna > affected > 22 > versions > 0 > status	affected
containers >	cna > affected > 22 > versions > 0 > lessThan	5.1.10
containers >	cna > affected > 22 > versions > 0 > versionType	semver
containers >	cna > affected > 23 > defaultStatus	unaffected
containers >	cna > affected > 23 > vendor	Ubiquiti Inc
containers >	cna > affected > 23 > product	UNAS-Pro-4
containers >	cna > affected > 23 > versions > 0 > version	0
containers >	cna > affected > 23 > versions > 0 > status	affected
containers >	cna > affected > 23 > versions > 0 > lessThan	5.1.10
containers >	cna > affected > 23 > versions > 0 > versionType	semver
containers >	cna > affected > 24 > defaultStatus	unaffected
containers >	cna > affected > 24 > vendor	Ubiquiti Inc
containers >	cna > affected > 24 > product	UNAS-Pro-8
containers >	cna > affected > 24 > versions > 0 > version	0
containers >	cna > affected > 24 > versions > 0 > status	affected
containers >	cna > affected > 24 > versions > 0 > lessThan	5.1.10
containers >	cna > affected > 24 > versions > 0 > versionType	semver
containers >	cna > affected > 25 > defaultStatus	unaffected
containers >	cna > affected > 25 > vendor	Ubiquiti Inc
containers >	cna > affected > 25 > product	UCKP
containers >	cna > affected > 25 > versions > 0 > version	0
containers >	cna > affected > 25 > versions > 0 > status	affected
containers >	cna > affected > 25 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 25 > versions > 0 > versionType	semver
containers >	cna > affected > 26 > defaultStatus	unaffected
containers >	cna > affected > 26 > vendor	Ubiquiti Inc
containers >	cna > affected > 26 > product	UCK
containers >	cna > affected > 26 > versions > 0 > version	0
containers >	cna > affected > 26 > versions > 0 > status	affected
containers >	cna > affected > 26 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 26 > versions > 0 > versionType	semver
containers >	cna > affected > 27 > defaultStatus	unaffected
containers >	cna > affected > 27 > vendor	Ubiquiti Inc
containers >	cna > affected > 27 > product	UCK-Enterprise
containers >	cna > affected > 27 > versions > 0 > version	0
containers >	cna > affected > 27 > versions > 0 > status	affected
containers >	cna > affected > 27 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 27 > versions > 0 > versionType	semver
containers >	cna > affected > 28 > defaultStatus	unaffected
containers >	cna > affected > 28 > vendor	Ubiquiti Inc
containers >	cna > affected > 28 > product	UCG-Ultra
containers >	cna > affected > 28 > versions > 0 > version	0
containers >	cna > affected > 28 > versions > 0 > status	affected
containers >	cna > affected > 28 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 28 > versions > 0 > versionType	semver
containers >	cna > affected > 29 > defaultStatus	unaffected
containers >	cna > affected > 29 > vendor	Ubiquiti Inc
containers >	cna > affected > 29 > product	UCG-Max
containers >	cna > affected > 29 > versions > 0 > version	0
containers >	cna > affected > 29 > versions > 0 > status	affected
containers >	cna > affected > 29 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 29 > versions > 0 > versionType	semver
containers >	cna > affected > 30 > defaultStatus	unaffected
containers >	cna > affected > 30 > vendor	Ubiquiti Inc
containers >	cna > affected > 30 > product	UCG-Fiber
containers >	cna > affected > 30 > versions > 0 > version	0
containers >	cna > affected > 30 > versions > 0 > status	affected
containers >	cna > affected > 30 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 30 > versions > 0 > versionType	semver
containers >	cna > affected > 31 > defaultStatus	unaffected
containers >	cna > affected > 31 > vendor	Ubiquiti Inc
containers >	cna > affected > 31 > product	UCG-Industrial
containers >	cna > affected > 31 > versions > 0 > version	0
containers >	cna > affected > 31 > versions > 0 > status	affected
containers >	cna > affected > 31 > versions > 0 > lessThan	5.1.12
containers >	cna > affected > 31 > versions > 0 > versionType	semver
containers >	cna > references > 0 > url	https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
containers >	cna > metrics > 0 > cvssV3_1 > version	3.1
containers >	cna > metrics > 0 > cvssV3_1 > vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
containers >	cna > metrics > 0 > cvssV3_1 > baseScore	10
containers >	cna > metrics > 0 > cvssV3_1 > baseSeverity	CRITICAL
containers >	cna > problemTypes > 0 > descriptions > 0 > type	CWE
containers >	cna > problemTypes > 0 > descriptions > 0 > lang	en
containers >	cna > problemTypes > 0 > descriptions > 0 > cweId	CWE-22
containers >	cna > problemTypes > 0 > descriptions > 0 > description	CWE-22 Path Traversal
containers >	cna > providerMetadata > orgId	36234546-b8fa-4601-9d6f-f4e334aa8ea1
containers >	cna > providerMetadata > shortName	hackerone
containers >	cna > providerMetadata > dateUpdated	2026-05-22T20:19:51.649Z
containers >	adp > 0 > references > 0 > url	https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/
containers >	adp > 0 > references > 0 > tags > 0	third-party-advisory
containers >	adp > 0 > references > 1 > url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909
containers >	adp > 0 > references > 1 > tags > 0	government-resource
containers >	adp > 0 > metrics > 0 > other > type	ssvc
containers >	adp > 0 > metrics > 0 > other > content > timestamp	2026-06-23T17:50:14.322898Z
containers >	adp > 0 > metrics > 0 > other > content > id	CVE-2026-34909
containers >	adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation	active
containers >	adp > 0 > metrics > 0 > other > content > options > 1 > Automatable	yes
containers >	adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact	total
containers >	adp > 0 > metrics > 0 > other > content > role	CISA Coordinator
containers >	adp > 0 > metrics > 0 > other > content > version	2.0.3
containers >	adp > 0 > title	CISA ADP Vulnrichment
containers >	adp > 0 > providerMetadata > orgId	134c704f-9b21-4f2e-91b3-4a467353bcc0
containers >	adp > 0 > providerMetadata > shortName	CISA-ADP
containers >	adp > 0 > providerMetadata > dateUpdated	2026-06-23T17:52:03.583Z