CVE-2026-34911

Ubiquiti · UniFi OS

A path traversal vulnerability in UniFi OS allows a low-privileged network attacker to access and manipulate sensitive system files.

Executive summary

A path traversal vulnerability in Ubiquiti UniFi OS devices could allow an authenticated network attacker to access and manipulate sensitive system files.

Vulnerability

This is a path traversal vulnerability that can be exploited by an attacker with low-level network access. By crafting specific requests, the attacker can access files outside the intended directory, potentially leading to the exposure or modification of sensitive configuration data.

Business impact

Successful exploitation of this vulnerability could lead to the exposure of sensitive credentials, network configurations, or system information. With a CVSS score of 7.7, this high-severity flaw exposes the organization to significant risk of data breach and unauthorized system manipulation, potentially impacting the entire network infrastructure managed by the UniFi OS device.

Remediation

Immediate Action: Identify all exposed UniFi OS devices and apply the latest security firmware updates provided by Ubiquiti as soon as they become available.

Proactive Monitoring: Inspect network traffic and system access logs for path traversal patterns, such as encoded directory symbols or attempts to access files in unexpected system locations.

Compensating Controls: Restrict management interface access to trusted, internal network segments and utilize a Web Application Firewall (WAF) to filter malicious requests targeting the device.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the risk of unauthorized file access, administrators must ensure their UniFi OS devices are kept up-to-date with the latest security patches. Isolate management interfaces from the public internet to reduce the attack surface and prevent unauthorized network-based exploitation.