COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-34909

CVE-2026-34909

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-23
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34909
⌖ exploited in the wild shame 45/100 exploited-in-wildunpatchedsupply-chaindata-breach

Ubiquiti UniFi OS path traversal vulnerability allows attackers to access and manipulate system files to compromise underlying accounts.

This path traversal flaw in Ubiquiti UniFi OS enables attackers with network access to read and manipulate system files, potentially leading to unauthorized account access. DIB organizations must ensure all Ubiquiti hardware is patched immediately to prevent supply-chain compromise and maintain NIST 800-171 compliance. Failure to patch exposes critical infrastructure to unauthorized data access and potential ransomware entry.

Shame score — A known path traversal vulnerability that allows file access but does not directly enable remote code execution.

Players implicated

Ubiquiti · vendorUniFi OS · product

Description

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.