CVE-2026-34910
Analyzed
Analyzed - Analysis Complete
Command Injection in UniFi OS Devices
Vulnerability report for CVE-2026-34910, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-22
Last updated on: 2026-06-24
Assigner: HackerOne
Description
Description
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ui | unifi_os_server | to 5.0.8 (exc) |
| ui | unifi_cloud_gateway_industrial_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_machine_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_machine_pro_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_machine_special_edition_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_machine_pro_max_firmware | to 5.1.12 (exc) |
| ui | enterprise_fortress_gateway_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_wall_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_router_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_router_7_firmware | to 5.1.12 (exc) |
| ui | unifi_express_7_firmware | to 5.1.12 (exc) |
| ui | unifi_network_video_recorder_firmware | to 5.1.12 (exc) |
| ui | unifi_network_video_recorder_pro_firmware | to 5.1.12 (exc) |
| ui | unifi_network_video_recorder_instant_firmware | to 5.1.12 (exc) |
| ui | enterprise_network_video_recorder_firmware | to 5.1.12 (exc) |
| ui | unifi_cloud_gateway_ultra_firmware | to 5.1.12 (exc) |
| ui | unifi_cloud_gateway_max_firmware | to 5.1.12 (exc) |
| ui | unifi_cloud_gateway_fiber_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_router_5g_max_firmware | to 5.1.12 (exc) |
| ui | enterprise_network_video_recorder_core_firmware | to 5.1.12 (exc) |
| ui | unifi_cloud_key_plus_firmware | to 5.1.12 (exc) |
| ui | unifi_cloudkey_firmware | to 5.1.12 (exc) |
| ui | unifi_cloudkey_enterprise_firmware | to 5.1.12 (exc) |
| ui | unifi_network_video_recorder_g2_firmware | to 5.1.12 (exc) |
| ui | unifi_network_video_recorder_g2_pro_firmware | to 5.1.12 (exc) |
| ui | unifi_dream_machine_beast_firmware | to 5.1.11 (exc) |
| ui | unas_2_firmware | to 5.1.10 (exc) |
| ui | unas_4_firmware | to 5.1.10 (exc) |
| ui | unas_pro_firmware | to 5.1.10 (exc) |
| ui | unas_pro_4_firmware | to 5.1.10 (exc) |
| ui | unas_pro_8_firmware | to 5.1.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |