Exposures › CVE-2026-34910
Ubiquiti UniFi OS allows remote command injection via improper input validation, enabling attackers to execute arbitrary commands on the network.
This vulnerability permits remote command injection on Ubiquiti UniFi OS devices, allowing attackers to execute arbitrary commands if they can reach the network. For DIB organizations, this poses a severe risk as compromised UniFi devices could be leveraged to pivot into sensitive networks or exfiltrate data, potentially violating NIST 800-171 requirements for system integrity and access control. Organizations should immediately patch affected devices and review network segmentation to prevent lateral movement.
Shame score — A high-severity RCE vulnerability in a widely deployed networking product that is actively exploited, indicating a significant security oversight.
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
No correlated FedRAMP products.