CVE-2026-34908

Deferred
Published: 22 May 2026, 00:43
Last modified: 24 Jun 2026, 03:55

Vulnerability Summary

  • Overall Risk (default): high, 70/100
  • CVSS Score: 10 CRITICAL, v3.1 (cve.org)
  • EPSS Score: 2.1% LOW, 2% probability, +1.24%
  • KEV: Listed, CISA, 1 listing
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 22 May 2026, 00:43 - Published: Vulnerability first disclosed

  • 23 Jun 2026, 00:00 - Added to CISA KEV: Ubiquiti UniFi OS Improper Access Control Vulnerability

  • 24 Jun 2026, 03:55 - Last Modified: Vulnerability information updated

  • 26 Jun 2026, 00:00 - CISA Remediation Due

    Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Description

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

CVSS Metrics

  • v3.1, CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 2.10%; Percentile: 79%

Techniques & Countermeasures

  • CWE-284: Improper Access Control

    The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Affected Systems

  • ubiquiti inc efg

    < 5.1.12

  • ubiquiti inc envr

    < 5.1.12

  • ubiquiti inc envr-core

    < 5.1.12

  • ubiquiti inc express 7

    < 5.1.12

  • ubiquiti inc ucg-fiber

    < 5.1.12

  • ubiquiti inc ucg-industrial

    < 5.1.12

  • ubiquiti inc ucg-max

    < 5.1.12

  • ubiquiti inc ucg-ultra

    < 5.1.12

  • ubiquiti inc uck

    < 5.1.12

  • ubiquiti inc uck-enterprise

    < 5.1.12

  • ubiquiti inc uckp

    < 5.1.12

  • ubiquiti inc udm

    < 5.1.12

  • ubiquiti inc udm-beast

    < 5.1.11

  • ubiquiti inc udm-pro

    < 5.1.12

  • ubiquiti inc udm-pro-max

    < 5.1.12

  • ubiquiti inc udm-se

    < 5.1.12

  • ubiquiti inc udr

    < 5.1.12

  • ubiquiti inc udr-5g

    < 5.1.12

  • ubiquiti inc udr7

    < 5.1.12

  • ubiquiti inc udw

    < 5.1.12

  • ubiquiti inc unas-2

    < 5.1.10

  • ubiquiti inc unas-4

    < 5.1.10

  • ubiquiti inc unas-pro

    < 5.1.10

  • ubiquiti inc unas-pro-4

    < 5.1.10

  • ubiquiti inc unas-pro-8

    < 5.1.10

  • ubiquiti inc unifi os server

    < 5.0.8

  • ubiquiti inc unvr

    < 5.1.12

  • ubiquiti inc unvr-g2

    < 5.1.12

  • ubiquiti inc unvr-g2-pro

    < 5.1.12

  • ubiquiti inc unvr-instant

    < 5.1.12

  • ubiquiti inc unvr-pro

    < 5.1.12
