COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-34908

CVE-2026-34908

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-23
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34908
⌖ exploited in the wild shame 45/100 exploited-in-wildunpatchedaccess-control

Ubiquiti UniFi OS allows unauthorized system changes via improper access control when network access is compromised.

This vulnerability permits attackers with network access to modify system configurations without authentication, creating a significant risk for DIB organizations relying on Ubiquiti hardware for secure network infrastructure. While not an RCE or zero-day, the improper access control flaw could lead to privilege escalation or lateral movement if exploited in a compromised network segment.

Shame score — The vulnerability represents a critical access control failure that could allow unauthorized system changes, but it is not a zero-day or ransomware-linked exploit.

Players implicated

Ubiquiti · vendorUniFi OS · product

Description

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.