Path Traversal Vulnerability in UniFi OS Devices by Ubiquiti
CVE-2026-34909
Key Information:
- Vendor
Ubiquiti Inc
- Vendor
- CVE Published:
- 22 May 2026
Badges
What is CVE-2026-34909?
A Path Traversal vulnerability exists in Ubiquiti's UniFi OS devices, allowing attackers with network access to navigate the file system and potentially manipulate sensitive files. This could lead to unauthorized account access and compromise the overall security of the device. Users are advised to update their UniFi OS to the latest version as a preventive measure against this vulnerability. For further information and guidance, please refer to Ubiquiti's security advisory.
CISA has reported CVE-2026-34909
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-34909 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Affected Version(s)
EFG 0 < 5.1.12
ENVR 0 < 5.1.12
ENVR-Core 0 < 5.1.12