CVE Tools

Description

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

In plain language

AI Act now

CVE-2026-34910 is a UniFi OS command-injection flaw that attackers on the network can exploit without login, and it has already been used in the real world—so small businesses running affected UniFi devices should act immediately.

Executive summary

CVE-2026-34910 is an unauthenticated command injection in UniFi OS that can be triggered via network access to run arbitrary commands on affected devices; it is listed in CISA KEV and has been exploited in the wild, with reports of automated attempts to create rogue administrator accounts.

If affected, business impact
Rogue admin accountsFull device takeoverNetwork disruptionCustomer data exposureOperational downtime

What to do now

  1. Check whether your UniFi OS / UniFi gateway / UniFi router-family firmware is on the device models listed for this CVE.
  2. Upgrade those devices to the fixed firmware versions: UniFi OS Server 5.0.8, and all other listed devices to 5.1.12.
  3. Verify after upgrading that there are no unexpected new administrator accounts (including unusual names) and that administrative access looks normal.
  4. If you cannot upgrade right away, follow Ubiquiti’s Security Advisory mitigations and reduce exposure (especially from the public internet) until patching is complete.
Patch / advisory Usually a quick update

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:CC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:CScope
Changed
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

and 46 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Jun 23, 2026
Remediation due:Jun 26, 2026

Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Official Patch Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

1 technique
Initial Access
View detailed technique mapping

References

9

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-34910 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows