Path Traversal Vulnerability in UniFi OS Devices by Ubiquiti
CVE-2026-34909

10CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Os Server; Express; Udm; Udm-pro
Vendor: CVE Published:; 22 May 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2026-34909?

A Path Traversal vulnerability exists in Ubiquiti's UniFi OS devices, allowing attackers with network access to navigate the file system and potentially manipulate sensitive files. This could lead to unauthorized account access and compromise the overall security of the device. Users are advised to update their UniFi OS to the latest version as a preventive measure against this vulnerability. For further information and guidance, please refer to Ubiquiti's security advisory.

Affected Version(s)

EFG 0 < 5.1.12

ENVR 0 < 5.1.12

ENVR-Core 0 < 5.1.12

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34909 Data

JSON