UniFi OS Server - Command Injection

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. id: CVE-2026-34910 info: name: UniFi OS Server - Command Injection author: Kazgangap severity: critical description: | A malicious actor...

PT-2026-48501

CVE-2026-34908 is a CVSS 10.0 improper access control flaw in UniFi OS Server where nginx evaluates the raw request URI for authentication but routes using the normalized URI, allowing unauthenticated attackers to reach protected endpoints and chain into full root RCE...

UniFi OS Server Unauthenticated Remote Code Execution Chain Detection Script

This tool is a safe detector for the unauthenticated remote code execution chain in UniFi OS Server versions 5.0.6 and below, as disclosed in Ubiquiti Security Advisory Bulletin 064...

Exploit for CVE-2026-34908

UniFi OS Server Unauth RCE Chain Detection Script A safe dete...

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from improper access control. This vulnerability could allow malicious individuals...