CVE Details
CVE-2026-34910
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Published: 2026-06-23
CVSS: 10 CRITICAL
Product: Ubiquiti UniFi OS
Due Date: 2026-06-26
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
GitHub PoC
Warning: GitHub PoC repositories are unverified. Some may be fake
or contain malware. Use caution and review code before running anything.
FIRST EPSS
EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.
Timeline
CVE Stalker
KEV
MITRE
GitHub
FIRST (EPSS)
MITRE
CVSS
SSVC
References
Show Raw Data
| Key | Remaining Key | Value |
|---|---|---|
| dataType | CVE_RECORD | |
| dataVersion | 5.2 | |
| cveMetadata > | cveId | CVE-2026-34910 |
| cveMetadata > | assignerOrgId | 36234546-b8fa-4601-9d6f-f4e334aa8ea1 |
| cveMetadata > | state | PUBLISHED |
| cveMetadata > | assignerShortName | hackerone |
| cveMetadata > | dateReserved | 2026-03-31T15:00:06.521Z |
| cveMetadata > | datePublished | 2026-05-22T00:43:49.096Z |
| cveMetadata > | dateUpdated | 2026-06-23T17:51:27.175Z |
| containers > | cna > descriptions > 0 > lang | en |
| containers > | cna > descriptions > 0 > value | A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. |
| containers > | cna > affected > 0 > defaultStatus | unaffected |
| containers > | cna > affected > 0 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 0 > product | UniFi OS Server |
| containers > | cna > affected > 0 > versions > 0 > version | 0 |
| containers > | cna > affected > 0 > versions > 0 > status | affected |
| containers > | cna > affected > 0 > versions > 0 > lessThan | 5.0.8 |
| containers > | cna > affected > 0 > versions > 0 > versionType | semver |
| containers > | cna > affected > 1 > defaultStatus | unaffected |
| containers > | cna > affected > 1 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 1 > product | UDM |
| containers > | cna > affected > 1 > versions > 0 > version | 0 |
| containers > | cna > affected > 1 > versions > 0 > status | affected |
| containers > | cna > affected > 1 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 1 > versions > 0 > versionType | semver |
| containers > | cna > affected > 2 > defaultStatus | unaffected |
| containers > | cna > affected > 2 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 2 > product | UDM-Pro |
| containers > | cna > affected > 2 > versions > 0 > version | 0 |
| containers > | cna > affected > 2 > versions > 0 > status | affected |
| containers > | cna > affected > 2 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 2 > versions > 0 > versionType | semver |
| containers > | cna > affected > 3 > defaultStatus | unaffected |
| containers > | cna > affected > 3 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 3 > product | UDM-SE |
| containers > | cna > affected > 3 > versions > 0 > version | 0 |
| containers > | cna > affected > 3 > versions > 0 > status | affected |
| containers > | cna > affected > 3 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 3 > versions > 0 > versionType | semver |
| containers > | cna > affected > 4 > defaultStatus | unaffected |
| containers > | cna > affected > 4 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 4 > product | UDM-Pro-Max |
| containers > | cna > affected > 4 > versions > 0 > version | 0 |
| containers > | cna > affected > 4 > versions > 0 > status | affected |
| containers > | cna > affected > 4 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 4 > versions > 0 > versionType | semver |
| containers > | cna > affected > 5 > defaultStatus | unaffected |
| containers > | cna > affected > 5 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 5 > product | UDM-Beast |
| containers > | cna > affected > 5 > versions > 0 > version | 0 |
| containers > | cna > affected > 5 > versions > 0 > status | affected |
| containers > | cna > affected > 5 > versions > 0 > lessThan | 5.1.11 |
| containers > | cna > affected > 5 > versions > 0 > versionType | semver |
| containers > | cna > affected > 6 > defaultStatus | unaffected |
| containers > | cna > affected > 6 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 6 > product | EFG |
| containers > | cna > affected > 6 > versions > 0 > version | 0 |
| containers > | cna > affected > 6 > versions > 0 > status | affected |
| containers > | cna > affected > 6 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 6 > versions > 0 > versionType | semver |
| containers > | cna > affected > 7 > defaultStatus | unaffected |
| containers > | cna > affected > 7 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 7 > product | UDW |
| containers > | cna > affected > 7 > versions > 0 > version | 0 |
| containers > | cna > affected > 7 > versions > 0 > status | affected |
| containers > | cna > affected > 7 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 7 > versions > 0 > versionType | semver |
| containers > | cna > affected > 8 > defaultStatus | unaffected |
| containers > | cna > affected > 8 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 8 > product | UDR |
| containers > | cna > affected > 8 > versions > 0 > version | 0 |
| containers > | cna > affected > 8 > versions > 0 > status | affected |
| containers > | cna > affected > 8 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 8 > versions > 0 > versionType | semver |
| containers > | cna > affected > 9 > defaultStatus | unaffected |
| containers > | cna > affected > 9 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 9 > product | UDR7 |
| containers > | cna > affected > 9 > versions > 0 > version | 0 |
| containers > | cna > affected > 9 > versions > 0 > status | affected |
| containers > | cna > affected > 9 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 9 > versions > 0 > versionType | semver |
| containers > | cna > affected > 10 > defaultStatus | unaffected |
| containers > | cna > affected > 10 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 10 > product | UDR-5G |
| containers > | cna > affected > 10 > versions > 0 > version | 0 |
| containers > | cna > affected > 10 > versions > 0 > status | affected |
| containers > | cna > affected > 10 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 10 > versions > 0 > versionType | semver |
| containers > | cna > affected > 11 > defaultStatus | unaffected |
| containers > | cna > affected > 11 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 11 > product | Express 7 |
| containers > | cna > affected > 11 > versions > 0 > version | 0 |
| containers > | cna > affected > 11 > versions > 0 > status | affected |
| containers > | cna > affected > 11 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 11 > versions > 0 > versionType | semver |
| containers > | cna > affected > 12 > defaultStatus | unaffected |
| containers > | cna > affected > 12 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 12 > product | UNVR |
| containers > | cna > affected > 12 > versions > 0 > version | 0 |
| containers > | cna > affected > 12 > versions > 0 > status | affected |
| containers > | cna > affected > 12 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 12 > versions > 0 > versionType | semver |
| containers > | cna > affected > 13 > defaultStatus | unaffected |
| containers > | cna > affected > 13 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 13 > product | UNVR-Pro |
| containers > | cna > affected > 13 > versions > 0 > version | 0 |
| containers > | cna > affected > 13 > versions > 0 > status | affected |
| containers > | cna > affected > 13 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 13 > versions > 0 > versionType | semver |
| containers > | cna > affected > 14 > defaultStatus | unaffected |
| containers > | cna > affected > 14 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 14 > product | UNVR-Instant |
| containers > | cna > affected > 14 > versions > 0 > version | 0 |
| containers > | cna > affected > 14 > versions > 0 > status | affected |
| containers > | cna > affected > 14 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 14 > versions > 0 > versionType | semver |
| containers > | cna > affected > 15 > defaultStatus | unaffected |
| containers > | cna > affected > 15 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 15 > product | UNVR-G2 |
| containers > | cna > affected > 15 > versions > 0 > version | 0 |
| containers > | cna > affected > 15 > versions > 0 > status | affected |
| containers > | cna > affected > 15 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 15 > versions > 0 > versionType | semver |
| containers > | cna > affected > 16 > defaultStatus | unaffected |
| containers > | cna > affected > 16 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 16 > product | UNVR-G2-Pro |
| containers > | cna > affected > 16 > versions > 0 > version | 0 |
| containers > | cna > affected > 16 > versions > 0 > status | affected |
| containers > | cna > affected > 16 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 16 > versions > 0 > versionType | semver |
| containers > | cna > affected > 17 > defaultStatus | unaffected |
| containers > | cna > affected > 17 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 17 > product | ENVR |
| containers > | cna > affected > 17 > versions > 0 > version | 0 |
| containers > | cna > affected > 17 > versions > 0 > status | affected |
| containers > | cna > affected > 17 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 17 > versions > 0 > versionType | semver |
| containers > | cna > affected > 18 > defaultStatus | unaffected |
| containers > | cna > affected > 18 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 18 > product | ENVR-Core |
| containers > | cna > affected > 18 > versions > 0 > version | 0 |
| containers > | cna > affected > 18 > versions > 0 > status | affected |
| containers > | cna > affected > 18 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 18 > versions > 0 > versionType | semver |
| containers > | cna > affected > 19 > defaultStatus | unaffected |
| containers > | cna > affected > 19 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 19 > product | UNAS-2 |
| containers > | cna > affected > 19 > versions > 0 > version | 0 |
| containers > | cna > affected > 19 > versions > 0 > status | affected |
| containers > | cna > affected > 19 > versions > 0 > lessThan | 5.1.10 |
| containers > | cna > affected > 19 > versions > 0 > versionType | semver |
| containers > | cna > affected > 20 > defaultStatus | unaffected |
| containers > | cna > affected > 20 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 20 > product | UNAS-4 |
| containers > | cna > affected > 20 > versions > 0 > version | 0 |
| containers > | cna > affected > 20 > versions > 0 > status | affected |
| containers > | cna > affected > 20 > versions > 0 > lessThan | 5.1.10 |
| containers > | cna > affected > 20 > versions > 0 > versionType | semver |
| containers > | cna > affected > 21 > defaultStatus | unaffected |
| containers > | cna > affected > 21 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 21 > product | UNAS-Pro |
| containers > | cna > affected > 21 > versions > 0 > version | 0 |
| containers > | cna > affected > 21 > versions > 0 > status | affected |
| containers > | cna > affected > 21 > versions > 0 > lessThan | 5.1.10 |
| containers > | cna > affected > 21 > versions > 0 > versionType | semver |
| containers > | cna > affected > 22 > defaultStatus | unaffected |
| containers > | cna > affected > 22 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 22 > product | UNAS-Pro-4 |
| containers > | cna > affected > 22 > versions > 0 > version | 0 |
| containers > | cna > affected > 22 > versions > 0 > status | affected |
| containers > | cna > affected > 22 > versions > 0 > lessThan | 5.1.10 |
| containers > | cna > affected > 22 > versions > 0 > versionType | semver |
| containers > | cna > affected > 23 > defaultStatus | unaffected |
| containers > | cna > affected > 23 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 23 > product | UNAS-Pro-8 |
| containers > | cna > affected > 23 > versions > 0 > version | 0 |
| containers > | cna > affected > 23 > versions > 0 > status | affected |
| containers > | cna > affected > 23 > versions > 0 > lessThan | 5.1.10 |
| containers > | cna > affected > 23 > versions > 0 > versionType | semver |
| containers > | cna > affected > 24 > defaultStatus | unaffected |
| containers > | cna > affected > 24 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 24 > product | UCKP |
| containers > | cna > affected > 24 > versions > 0 > version | 0 |
| containers > | cna > affected > 24 > versions > 0 > status | affected |
| containers > | cna > affected > 24 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 24 > versions > 0 > versionType | semver |
| containers > | cna > affected > 25 > defaultStatus | unaffected |
| containers > | cna > affected > 25 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 25 > product | UCK |
| containers > | cna > affected > 25 > versions > 0 > version | 0 |
| containers > | cna > affected > 25 > versions > 0 > status | affected |
| containers > | cna > affected > 25 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 25 > versions > 0 > versionType | semver |
| containers > | cna > affected > 26 > defaultStatus | unaffected |
| containers > | cna > affected > 26 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 26 > product | UCK-Enterprise |
| containers > | cna > affected > 26 > versions > 0 > version | 0 |
| containers > | cna > affected > 26 > versions > 0 > status | affected |
| containers > | cna > affected > 26 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 26 > versions > 0 > versionType | semver |
| containers > | cna > affected > 27 > defaultStatus | unaffected |
| containers > | cna > affected > 27 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 27 > product | UCG-Ultra |
| containers > | cna > affected > 27 > versions > 0 > version | 0 |
| containers > | cna > affected > 27 > versions > 0 > status | affected |
| containers > | cna > affected > 27 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 27 > versions > 0 > versionType | semver |
| containers > | cna > affected > 28 > defaultStatus | unaffected |
| containers > | cna > affected > 28 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 28 > product | UCG-Max |
| containers > | cna > affected > 28 > versions > 0 > version | 0 |
| containers > | cna > affected > 28 > versions > 0 > status | affected |
| containers > | cna > affected > 28 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 28 > versions > 0 > versionType | semver |
| containers > | cna > affected > 29 > defaultStatus | unaffected |
| containers > | cna > affected > 29 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 29 > product | UCG-Fiber |
| containers > | cna > affected > 29 > versions > 0 > version | 0 |
| containers > | cna > affected > 29 > versions > 0 > status | affected |
| containers > | cna > affected > 29 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 29 > versions > 0 > versionType | semver |
| containers > | cna > affected > 30 > defaultStatus | unaffected |
| containers > | cna > affected > 30 > vendor | Ubiquiti Inc |
| containers > | cna > affected > 30 > product | UCG-Industrial |
| containers > | cna > affected > 30 > versions > 0 > version | 0 |
| containers > | cna > affected > 30 > versions > 0 > status | affected |
| containers > | cna > affected > 30 > versions > 0 > lessThan | 5.1.12 |
| containers > | cna > affected > 30 > versions > 0 > versionType | semver |
| containers > | cna > references > 0 > url | https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b |
| containers > | cna > metrics > 0 > cvssV3_1 > version | 3.1 |
| containers > | cna > metrics > 0 > cvssV3_1 > vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| containers > | cna > metrics > 0 > cvssV3_1 > baseScore | 10 |
| containers > | cna > metrics > 0 > cvssV3_1 > baseSeverity | CRITICAL |
| containers > | cna > problemTypes > 0 > descriptions > 0 > type | CWE |
| containers > | cna > problemTypes > 0 > descriptions > 0 > lang | en |
| containers > | cna > problemTypes > 0 > descriptions > 0 > cweId | CWE-20 |
| containers > | cna > problemTypes > 0 > descriptions > 0 > description | CWE-20 Improper Input Validation |
| containers > | cna > providerMetadata > orgId | 36234546-b8fa-4601-9d6f-f4e334aa8ea1 |
| containers > | cna > providerMetadata > shortName | hackerone |
| containers > | cna > providerMetadata > dateUpdated | 2026-05-22T00:43:49.096Z |
| containers > | adp > 0 > references > 0 > url | https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/ |
| containers > | adp > 0 > references > 0 > tags > 0 | third-party-advisory |
| containers > | adp > 0 > references > 1 > url | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34910 |
| containers > | adp > 0 > references > 1 > tags > 0 | government-resource |
| containers > | adp > 0 > metrics > 0 > other > type | ssvc |
| containers > | adp > 0 > metrics > 0 > other > content > timestamp | 2026-06-23T17:50:09.408566Z |
| containers > | adp > 0 > metrics > 0 > other > content > id | CVE-2026-34910 |
| containers > | adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation | active |
| containers > | adp > 0 > metrics > 0 > other > content > options > 1 > Automatable | yes |
| containers > | adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact | total |
| containers > | adp > 0 > metrics > 0 > other > content > role | CISA Coordinator |
| containers > | adp > 0 > metrics > 0 > other > content > version | 2.0.3 |
| containers > | adp > 0 > title | CISA ADP Vulnrichment |
| containers > | adp > 0 > providerMetadata > orgId | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| containers > | adp > 0 > providerMetadata > shortName | CISA-ADP |
| containers > | adp > 0 > providerMetadata > dateUpdated | 2026-06-23T17:51:27.175Z |