Command Injection Vulnerability in UniFi OS Devices by Ubiquiti
CVE-2026-34910

10CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Os Server; Udm; Udm-pro; Udm-se
Vendor: CVE Published:; 22 May 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2026-34910?

A security flaw in UniFi OS devices allows malicious actors with network access to exploit improper input validation, leading to potential command injection attacks. This vulnerability enables unauthorized commands to be executed on the affected devices, which can compromise the integrity and security of the network. It is crucial for users to apply necessary patches and monitor network activities to mitigate potential risks.

Affected Version(s)

EFG 0 < 5.1.12

ENVR 0 < 5.1.12

ENVR-Core 0 < 5.1.12

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34910 Data

JSON