Exposures › CVE-2026-34908
Ubiquiti UniFi OS allows unauthorized system changes via improper access control when network access is compromised.
This vulnerability permits attackers with network access to modify system configurations without authentication, creating a significant risk for DIB organizations relying on Ubiquiti hardware for secure network infrastructure. While not an RCE or zero-day, the improper access control flaw could lead to privilege escalation or lateral movement if exploited in a compromised network segment.
Shame score — The vulnerability represents a critical access control failure that could allow unauthorized system changes, but it is not a zero-day or ransomware-linked exploit.
Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
No correlated FedRAMP products.