CVE-2026-34910

CRITICAL EXPLOITED NUCLEI

Ubiquiti INC UniFi OS Server - Improper Input Validation


Exploitation Summary

CVE-2026-34910 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Nuclei Templates (1)

UniFi OS Server - Command Injection
CRITICAL, VERIFIED, by Kazgangap
Shodan: html:"UniFi OS"

Scores

CVSS v3 10.0
EPSS 0.2387
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-06-09
CWE CWE-20
Status published
Products (31)
Ubiquiti Inc/EFG < 5.1.12
Ubiquiti Inc/ENVR < 5.1.12
Ubiquiti Inc/ENVR-Core < 5.1.12
Ubiquiti Inc/Express 7 < 5.1.12
Ubiquiti Inc/UCG-Fiber < 5.1.12
Ubiquiti Inc/UCG-Industrial < 5.1.12
Ubiquiti Inc/UCG-Max < 5.1.12
Ubiquiti Inc/UCG-Ultra < 5.1.12
Ubiquiti Inc/UCK < 5.1.12
Ubiquiti Inc/UCK-Enterprise < 5.1.12
... and 21 more
Published May 22, 2026
Tracked Since May 22, 2026