
CVE-2026-34909

Critical · CISA KEV · Active Exploitation · Public PoC · Updated

Published: 22 May 2026
Modified: 24 June 2026
KEV Added: 23 June 2026
CVSS v3.1 score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0227 (80.9th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2026-34909 is a critical-severity Path Traversal (CWE-22) vulnerability in Ui UniFi OS Server. Its CVSS v3.1 base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.1% of CVEs by exploit likelihood (EPSS), CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.


Vulnerability details

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

CWE(s): CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-derived)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Path traversal in network-accessible UniFi OS directly enables exploitation of a public-facing application (T1190) for unauthorized file access and account compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-34910 · Same product: Ui Enterprise Fortress Gateway · both on KEV
CVE-2026-34908 · Same product: Ui Enterprise Fortress Gateway · both on KEV
CVE-2026-34911 · Same product: Ui Enterprise Fortress Gateway
CVE-2025-8110 · Shared CWE-22 · both on KEV
CVE-2025-52665 · Same vendor: Ui
CVE-2024-57727 · Shared CWE-22 · both on KEV
CVE-2025-61884 · Shared CWE-22 · both on KEV
CVE-2026-33000 · Same product: Ui UniFi OS Server
CVE-2025-2505 · Shared CWE-22
CVE-2026-5841 · Shared CWE-22

Affected Assets (vendor / product: affected versions)

ui / unifi os server: ≤ 5.0.8
ui / unifi cloud gateway industrial firmware: ≤ 5.1.12
ui / unifi dream machine firmware: ≤ 5.1.12
ui / unifi dream machine pro firmware: ≤ 5.1.12
ui / unifi dream machine special edition firmware: ≤ 5.1.12
ui / unifi dream machine pro max firmware: ≤ 5.1.12
ui / enterprise fortress gateway firmware: ≤ 5.1.12
ui / unifi dream wall firmware: ≤ 5.1.12
ui / unifi dream router firmware: ≤ 5.1.12
ui / unifi dream router 7 firmware: ≤ 5.1.12
+22 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-22: validate pathnames and filenames to prevent traversal outside intended directories.
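The control above, worked as an added example (constructed here, not Ui's code or a patch for this CVE): canonicalise the joined path and test exact containment in the base directory, so that `..` segments, absolute paths, symlinks pointing outside the root, and the sibling-directory prefix bug (`/srv/export` vs `/srv/export2`) are all rejected. The directory layout in `demo()` is constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_within(base_dir: str, user_path: str) -> Optional[Path]:
    """Canonicalise base_dir/user_path and return it only if it stays inside base_dir."""
    base = Path(base_dir).resolve()
    if Path(user_path).is_absolute():          # only relative names are expected from callers
        return None
    candidate = (base / user_path).resolve()   # collapses '..' and follows symlinks
    try:
        candidate.relative_to(base)            # exact containment, not a string-prefix test
    except ValueError:
        return None
    return candidate


def demo() -> dict:
    """Exercise the check against a constructed directory layout; returns a verdict per case."""
    root = Path(tempfile.mkdtemp())
    export = root / "export"                          # assumed file-serving root
    export.mkdir()
    (export / "report.txt").write_text("ok")
    (root / "export2").mkdir()                        # sibling a naive prefix check would accept
    (root / "secret.txt").write_text("outside")
    os.symlink(root / "secret.txt", export / "link")  # symlink that escapes the export root
    cases = {
        "plain": "report.txt",
        "nested_ok": "sub/../report.txt",
        "dotdot": "../secret.txt",
        "sibling": "../export2/x",
        "symlink": "link",
        "absolute": str(root / "secret.txt"),
    }
    # True means the path is allowed (resolves inside the export root), False means rejected.
    return {name: resolve_within(str(export), p) is not None for name, p in cases.items()}
```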
