KEVIntel
PRO Back to KEVs
10.0
CVSS
Critical

CVE-2026-34910

PUBLISHED

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Ubiquiti Inc
Product
UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber, UCG-Industrial
Published
May 22, 2026
EPSS
0.1% · 28% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Weaknesses (CWE)

  • CWE-20

    Improper Input Validation

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-09 08:18:00 UTC · Defused Cyber

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
Defused Cyber First 2026-06-09 08:18 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel