Ubiquiti has issued a major security advisory addressing five distinct vulnerabilities across its UniFi OS ecosystem. Three of these flaws carry a maximum CVSS score of 10.0, signaling an urgent upgrade cycle for system administrators managing network deployment hardware.
The most severe bugs highlighted in the advisory require zero user privileges, meaning a malicious actor with simple network access can exploit them to completely compromise a device:
- CVE-2026-34908 (Improper Access Control): This flaw allows network attackers to make unauthorized changes directly to the target system.
- CVE-2026-34909 (Path Traversal): Attackers can exploit this path traversal flaw to access files on the underlying system, which can then be manipulated to compromise an underlying account.
- CVE-2026-34910 (Command Injection): Improper input validation allows remote adversaries to inject and execute arbitrary commands on vulnerable devices.
These three critical vulnerabilities impact a sweeping array of hardware, including UCG gateways, the UDM series, UNVR recorders, and UNAS storage appliances.
Ubiquiti also resolved two other flaws that require some level of existing authorization to execute:
- CVE-2026-33000 (CVSS 9.1 Critical): A high-privilege actor on the network can abuse an input validation bug on the UniFi OS Server to trigger a command injection.
- CVE-2026-34911 (CVSS 7.7 High): A low-privilege network actor can use a path traversal flaw to read files on the system and harvest sensitive information.
To protect your environment from potential network exploits, you should immediately apply firmware updates corresponding to your specific hardware:
- UniFi OS Server: Upgrade to version 5.0.8 or later.
- UCG-Industrial, UDM series, UDR, UNVR, ENVR, and UCG models: Update to version 5.1.12 or later.
- UNAS-2/4/Pro series: Update to version 5.1.10 or later.
- UDM-Beast: Update to version 5.1.11 or later.
For IT departments, rolling out these patches swiftly closes off high-impact, unauthenticated network-entry points.
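To check a fleet against the fixed versions listed above, the following added example (not code from Ubiquiti or from the advisory) triages an inventory export. The inventory rows, the model-prefix matching rule and the three-part version format are assumptions; versions are compared numerically because a plain string comparison would rank 5.1.9 above 5.1.12.

```python
import re

# Minimum fixed versions from the advisory summary above. Matching by model-name
# prefix is an assumption; the most specific prefix comes first (UDM-Beast before UDM).
FIXED = [
    ("UniFi OS Server", (5, 0, 8)),
    ("UDM-Beast", (5, 1, 11)),
    ("UNAS", (5, 1, 10)),
    ("UCG", (5, 1, 12)), ("UDM", (5, 1, 12)), ("UDR", (5, 1, 12)),
    ("UNVR", (5, 1, 12)), ("ENVR", (5, 1, 12)),
]

def parse_version(text):
    """Parse 'X.Y.Z' (optional leading 'v') into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def minimum_fixed(model):
    """Return the minimum fixed version for a model, or None if it is not listed."""
    name = model.strip().upper()
    for prefix, version in FIXED:
        if name.startswith(prefix.upper()):
            return version
    return None

def triage(inventory):
    """Classify (host, model, installed_version) rows against the fixed versions."""
    results = []
    for host, model, installed in inventory:
        fixed = minimum_fixed(model)
        if fixed is None:
            status = "UNKNOWN_MODEL"          # not covered by the list; review manually
        else:
            try:
                status = "PATCHED" if parse_version(installed) >= fixed else "VULNERABLE"
            except ValueError:
                status = "UNPARSEABLE_VERSION"  # never assume patched on bad data
        results.append((host, status))
    return results

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [("gw-hq", "UDM-Pro", "5.1.9"), ("gw-lab", "UDM-Beast", "5.1.11"),
          ("nas-01", "UNAS-Pro", "5.1.10"), ("srv-01", "UniFi OS Server", "5.0.7"),
          ("nvr-01", "UNVR", "latest"), ("sw-01", "USW-24", "7.0.0")]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:8} {status}")
```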