CVE-2026-34910
Description
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
In plain language
AI Act nowCVE-2026-34910 is a UniFi OS command-injection flaw that attackers on the network can exploit without login, and it has already been used in the real world—so small businesses running affected UniFi devices should act immediately.
CVE-2026-34910 is an unauthenticated command injection in UniFi OS that can be triggered via network access to run arbitrary commands on affected devices; it is listed in CISA KEV and has been exploited in the wild, with reports of automated attempts to create rogue administrator accounts.
What to do now
- Check whether your UniFi OS / UniFi gateway / UniFi router-family firmware is on the device models listed for this CVE.
- Upgrade those devices to the fixed firmware versions: UniFi OS Server 5.0.8, and all other listed devices to 5.1.12.
- Verify after upgrading that there are no unexpected new administrator accounts (including unusual names) and that administrative access looks normal.
- If you cannot upgrade right away, follow Ubiquiti’s Security Advisory mitigations and reduce exposure (especially from the public internet) until patching is complete.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:CScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OSen·The Hacker News·
- 29th June – Threat Intelligence Reporten-us·Check Point Research·
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploiteden·The Hacker News·
- CISA warns of max severity Ubiquiti flaws exploited in attacksen-us·BleepingComputer·
- Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairsen-us·SecurityWeek·
- CISA Adds Four Exploited UniFi OS and Lantronix Flaws to KEV Catalogen-us·Daily CyberSecurity (securityonline.info)· Summary only·
- ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and Moreen·The Hacker News· Summary only·
- Critical UniFi OS bug lets hackers gain root without authenticationen-us·BleepingComputer· Summary only·
- Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection & Analysisen-us·Bishop Fox·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-34910 and every CVE in our database. Create a free account — no credit card required.
Create Free Account