COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-34910

CVE-2026-34910

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-23
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34910
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wildsupply-chain

Ubiquiti UniFi OS allows remote command injection via improper input validation, enabling attackers to execute arbitrary commands on the network.

This vulnerability permits remote command injection on Ubiquiti UniFi OS devices, allowing attackers to execute arbitrary commands if they can reach the network. For DIB organizations, this poses a severe risk as compromised UniFi devices could be leveraged to pivot into sensitive networks or exfiltrate data, potentially violating NIST 800-171 requirements for system integrity and access control. Organizations should immediately patch affected devices and review network segmentation to prevent lateral movement.

Shame score — A high-severity RCE vulnerability in a widely deployed networking product that is actively exploited, indicating a significant security oversight.

Players implicated

Ubiquiti · vendorUniFi OS · product

Description

Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.