{"cve":{"cve_id":"CVE-2026-34910","is_kev":true,"kev_date_added":"2026-06-23","kev_vendor_project":"Ubiquiti","kev_product":"UniFi OS","kev_vulnerability_name":"Ubiquiti UniFi OS Improper Input Validation Vulnerability","kev_short_description":"Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.","kev_required_action":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","kev_due_date":"2026-06-26","kev_known_ransomware":false,"kev_notes":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910","kev_cwes":["CWE-20"],"epss_score":0.33615,"epss_percentile":0.98163,"epss_as_of":"2026-06-23","description":"A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.","published_at":"2026-05-22T00:43:49.096000Z","last_modified_at":null,"cvss_v3_score":10.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-20"],"nvd_references":["https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:30:00.570499Z"},"effective_severity":"CRITICAL","badges":["kev","poc"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"efg","product_name":"EFG","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:efg:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"envr","product_name":"ENVR","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:envr:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"envr-core","product_name":"ENVR-Core","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:envr-core:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"express-7","product_name":"Express 7","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:express-7:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"ucg-fiber","product_name":"UCG-Fiber","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:ucg-fiber:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"ucg-industrial","product_name":"UCG-Industrial","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:ucg-industrial:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"ucg-max","product_name":"UCG-Max","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:ucg-max:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"ucg-ultra","product_name":"UCG-Ultra","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:ucg-ultra:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"uck","product_name":"UCK","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:uck:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"uck-enterprise","product_name":"UCK-Enterprise","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:uck-enterprise:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"uckp","product_name":"UCKP","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:uckp:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udm","product_name":"UDM","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udm:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udm-beast","product_name":"UDM-Beast","version_start":"0","version_start_inclusive":true,"version_end":"5.1.11","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udm-beast:0:5.1.11"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udm-pro","product_name":"UDM-Pro","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udm-pro:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udm-pro-max","product_name":"UDM-Pro-Max","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udm-pro-max:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udm-se","product_name":"UDM-SE","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udm-se:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udr","product_name":"UDR","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udr:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udr-5g","product_name":"UDR-5G","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udr-5g:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udr7","product_name":"UDR7","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udr7:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"udw","product_name":"UDW","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:udw:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unas-2","product_name":"UNAS-2","version_start":"0","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unas-2:0:5.1.10"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unas-4","product_name":"UNAS-4","version_start":"0","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unas-4:0:5.1.10"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unas-pro","product_name":"UNAS-Pro","version_start":"0","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unas-pro:0:5.1.10"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unas-pro-4","product_name":"UNAS-Pro-4","version_start":"0","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unas-pro-4:0:5.1.10"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unas-pro-8","product_name":"UNAS-Pro-8","version_start":"0","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unas-pro-8:0:5.1.10"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unifi-os-server","product_name":"UniFi OS Server","version_start":"0","version_start_inclusive":true,"version_end":"5.0.8","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unifi-os-server:0:5.0.8"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unvr","product_name":"UNVR","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unvr:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unvr-g2","product_name":"UNVR-G2","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unvr-g2:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unvr-g2-pro","product_name":"UNVR-G2-Pro","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unvr-g2-pro:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unvr-instant","product_name":"UNVR-Instant","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unvr-instant:0:5.1.12"},{"vendor_slug":"ubiquiti-inc","vendor_name":"Ubiquiti Inc","product_slug":"unvr-pro","product_name":"UNVR-Pro","version_start":"0","version_start_inclusive":true,"version_end":"5.1.12","version_end_inclusive":false,"cpe23_uri":"cve5:ubiquiti-inc:unvr-pro:0:5.1.12"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-34910.yaml","title":"UniFi OS Server - Command Injection","author":"Kazgangap","disclosed_at":null}],"news":[],"references":[{"url":"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-05-22T00:43:49.096000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2026-06-23T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"cvss_changed","at":"2026-06-28T17:53:26.161903Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:26.161903Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:26.161903Z","label":"CVSS score revised","source":"cvelistv5"}]}