PatchSiren

Ubiquiti Inc CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Ubiquiti Inc CVE published 2026-06-23

CVE-2026-34910

CVE-2026-34910 is a Critical vulnerability disclosed on 2026-05-22 affecting UniFi OS devices, where improper input validation could allow a network-accessible command injection. The NVD record rates the issue CVSS 10.0 with no privileges required and no user interaction, making it a high-priority exposure for any environment running the affected platform.

Known exploited Ubiquiti Inc CVE published 2026-06-23

CVE-2026-34909

Published on 2026-05-22, CVE-2026-34909 is a critical path traversal vulnerability in UniFi OS devices. A network-accessible attacker could access files on the underlying system and, according to the CVE description, potentially manipulate that access to reach an underlying account. NVD rates the issue CVSS 3.1 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and maps it to CWE-22.

Known exploited Ubiquiti Inc CVE published 2026-06-23

CVE-2026-34908

CVE-2026-34908 is a critical improper access control issue affecting UniFi OS devices. According to the CVE description and NVD metadata, a network-accessible attacker could abuse the flaw to make unauthorized changes to the system. The NVD record lists the issue as remotely exploitable with no privileges or user interaction required, and the impact is rated high across confidentiality, integrity, and availability.

HIGH Ubiquiti Inc CVE published 2026-06-12

CVE-2026-48610

CVE-2026-48610 is a HIGH-severity vulnerability (CVSS Score: 8.1) affecting certain devices running UniFi OS. An Improper Access Control vulnerability allows a malicious actor with network access to make unauthorized changes to UniFi OS devices under specific network configurations.

CRITICAL Ubiquiti Inc CVE published 2026-06-12

CVE-2026-47370

CVE-2026-47370 is a CRITICAL vulnerability with a CVSS score of 9.9. A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-47370) a [truncated]

CRITICAL Ubiquiti Inc CVE published 2026-06-12

CVE-2026-47369

CVE-2026-47369 is a critical vulnerability with a CVSS score of 9.9, affecting certain devices running UniFi OS. The vulnerability is caused by an Improper Input Validation issue, which allows a malicious actor with access to the network and low privileges to escalate privileges within UniFi OS devices or instances. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2 [truncated]

HIGH Ubiquiti Inc CVE published 2026-06-12

CVE-2026-47368

A Path Traversal vulnerability was discovered in certain devices running UniFi OS. This vulnerability, tracked as CVE-2026-47368, allows a malicious actor with access to the network to obtain data from affected UniFi OS devices or instances. The vulnerability has a CVSS score of 8.6, indicating a high severity level.

CRITICAL Ubiquiti Inc CVE published 2026-06-12

CVE-2026-47367

CVE-2026-47367 is a CRITICAL vulnerability with a CVSS score of 9.9. A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.

HIGH Ubiquiti Inc CVE published 2026-05-22

CVE-2026-34911

CVE-2026-34911 is a high-severity path traversal issue (CWE-22) affecting UniFi OS devices. The supplied record says a network-accessible attacker with low privileges could reach files on the underlying system and potentially expose sensitive information. The CVSS v3.1 vector indicates no user interaction, low attack complexity, and high confidentiality impact.

CRITICAL Ubiquiti Inc CVE published 2026-05-22

CVE-2026-33000

CVE-2026-33000 is a critical improper input validation issue affecting UniFi OS devices. According to the NVD record, a network-accessible attacker with high privileges could trigger command injection, with potential impacts to confidentiality, integrity, and availability. The published CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, which indicates severe consequences despite the high-privilege prerequisite.