CVE-2026-34908

Confirmed PUBLISHED

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized...

Ubiquiti Inc · UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial

14 days faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
10.0 Critical EPSS 2.5%

At a Glance

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

cisa
CVE Published
May 22, 2026
Exploitation Reported
Jun 09, 2026
CVSS
10.0 Critical
EPSS
2.5%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

31 version rows · page 1 of 2

Vendor Product Version Status
Ubiquiti Inc
UniFi OS Server

0 to < 5.0.8

Affected
Ubiquiti Inc
UDM

0 to < 5.1.12

Affected
Ubiquiti Inc
UDM-Pro

0 to < 5.1.12

Affected
Ubiquiti Inc
UDM-SE

0 to < 5.1.12

Affected
Ubiquiti Inc
UDM-Pro-Max

0 to < 5.1.12

Affected
Ubiquiti Inc
UDM-Beast

0 to < 5.1.11

Affected
Ubiquiti Inc
EFG

0 to < 5.1.12

Affected
Ubiquiti Inc
UDW

0 to < 5.1.12

Affected
Ubiquiti Inc
UDR

0 to < 5.1.12

Affected
Ubiquiti Inc
UDR7

0 to < 5.1.12

Affected
Ubiquiti Inc
UDR-5G

0 to < 5.1.12

Affected
Ubiquiti Inc
Express 7

0 to < 5.1.12

Affected
Ubiquiti Inc
UNVR

0 to < 5.1.12

Affected
Ubiquiti Inc
UNVR-Pro

0 to < 5.1.12

Affected
Ubiquiti Inc
UNVR-Instant

0 to < 5.1.12

Affected
Ubiquiti Inc
UNVR-G2

0 to < 5.1.12

Affected
Ubiquiti Inc
UNVR-G2-Pro

0 to < 5.1.12

Affected
Ubiquiti Inc
ENVR

0 to < 5.1.12

Affected
Ubiquiti Inc
ENVR-Core

0 to < 5.1.12

Affected
Ubiquiti Inc
UNAS-2

0 to < 5.1.10

Affected
Ubiquiti Inc
UNAS-4

0 to < 5.1.10

Affected
Ubiquiti Inc
UNAS-Pro

0 to < 5.1.10

Affected
Ubiquiti Inc
UNAS-Pro-4

0 to < 5.1.10

Affected
Ubiquiti Inc
UNAS-Pro-8

0 to < 5.1.10

Affected
Ubiquiti Inc
UCKP

0 to < 5.1.12

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.