CVE-2026-34910
- EPSS 78.56%
- Veröffentlicht 22.05.2026 00:43:49
- Zuletzt bearbeitet 24.06.2026 14:49:47
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
23.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Ubiquiti UniFi OS Improper Input Validation Vulnerability
SchwachstelleUbiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
BeschreibungApply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 78.56% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| support@hackerone.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.