Path Traversal Vulnerability in UniFi OS Devices by Ubiquiti

CVE-2026-34911

What is CVE-2026-34911?

CVE-2026-34911 is a path traversal vulnerability identified in UniFi OS devices manufactured by Ubiquiti Inc. This vulnerability arises when a malicious actor, possessing low-level privileges and access to the network, can manipulate file paths to gain unauthorized access to sensitive files on the underlying system. This could potentially allow the attacker to extract confidential information or alter system configurations, impacting the security and integrity of the device and its network. UniFi OS is typically used for network management, encompassing features like device management, monitoring, and configuration; thus, any compromise in its functionality could lead to significant operational risks for organizations relying on these systems.

Potential impact of CVE-2026-34911

1. Unauthorized Access to Sensitive Information: Attackers could leverage this vulnerability to access protected files, leading to exposure of sensitive data such as configuration files, user credentials, or other proprietary information, which could be exploited for further attacks.

2. System Compromise: By manipulating file availability or integrity, attackers may manipulate system resources or configurations, potentially leading to broader system instability or further vulnerabilities within the network infrastructure.

3. Operational Disruption: The exploitation of this vulnerability can ultimately disrupt the normal operation of affected devices, leading to service outages or degrading the network performance, which could greatly impact business operations and customer service.

References