[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-34909":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-25T20:35:03.799Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":44,"related":45,"reserved_at":9,"published_at":46,"modified_at":47,"state":48,"summary":49,"references_raw":60,"kevs":76,"epss":87,"epss_history":90,"metrics":198,"affected":204},"CVE-2026-34909","A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[],[],[],[],[],"2026-05-22T00:43:49.072Z","2026-06-24T03:56:19.760Z","Deferred",{"cisa_kev":50,"cisa_ransomware":51,"cisa_vendor":52,"epss_severity":53,"epss_score":54,"severity":55,"severity_score":56,"severity_version":57,"severity_source":58,"severity_vector":59,"severity_status":48},true,false,"Ubiquiti","low",0.02269,"critical",10,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",[61,66,71],{"url":62,"sources":63,"tags":65},"https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b",[58,64],"nvd",[],{"url":67,"sources":68,"tags":69},"https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/",[58],[70],"Third Party Advisory",{"url":72,"sources":73,"tags":74},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909",[58],[75],"Government Resource",[77],{"source":78,"vendor":52,"product":79,"date_added":80,"vulnerability_name":81,"short_description":82,"required_action":83,"due_date":84,"known_ransomware_campaign_use":85,"notes":86,"exploitation_type":9},"cisa","UniFi OS","2026-06-23","Ubiquiti UniFi OS Path Traversal Vulnerability","Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.","Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","2026-06-26","Unknown","https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909",{"date":88,"score":54,"percentile":89},"2026-06-25",0.80822,[91,95,98,101,105,108,111,115,118,121,124,127,130,133,136,139,142,145,148,151,154,156,159,162,165,169,172,175,178,181,184,187,190,193,197],{"date":92,"score":93,"percentile":94},"2026-05-22",0.00023,0.06841,{"date":96,"score":93,"percentile":97},"2026-05-23",0.06845,{"date":99,"score":93,"percentile":100},"2026-05-24",0.06843,{"date":102,"score":103,"percentile":104},"2026-05-25",0.0002,0.05803,{"date":106,"score":103,"percentile":107},"2026-05-26",0.05795,{"date":109,"score":103,"percentile":110},"2026-05-27",0.05826,{"date":112,"score":113,"percentile":114},"2026-05-28",0.00026,0.07943,{"date":116,"score":113,"percentile":117},"2026-05-29",0.07963,{"date":119,"score":113,"percentile":120},"2026-05-30",0.07956,{"date":122,"score":113,"percentile":123},"2026-05-31",0.07936,{"date":125,"score":113,"percentile":126},"2026-06-01",0.07918,{"date":128,"score":113,"percentile":129},"2026-06-02",0.07869,{"date":131,"score":113,"percentile":132},"2026-06-03",0.07806,{"date":134,"score":113,"percentile":135},"2026-06-04",0.07825,{"date":137,"score":113,"percentile":138},"2026-06-05",0.07857,{"date":140,"score":113,"percentile":141},"2026-06-06",0.0787,{"date":143,"score":113,"percentile":144},"2026-06-07",0.07843,{"date":146,"score":113,"percentile":147},"2026-06-08",0.07799,{"date":149,"score":113,"percentile":150},"2026-06-09",0.07814,{"date":152,"score":113,"percentile":153},"2026-06-10",0.07836,{"date":155,"score":113,"percentile":138},"2026-06-11",{"date":157,"score":113,"percentile":158},"2026-06-12",0.07893,{"date":160,"score":113,"percentile":161},"2026-06-13",0.07888,{"date":163,"score":113,"percentile":164},"2026-06-14",0.07881,{"date":166,"score":167,"percentile":168},"2026-06-15",0.00623,0.44949,{"date":170,"score":167,"percentile":171},"2026-06-16",0.45002,{"date":173,"score":167,"percentile":174},"2026-06-17",0.45079,{"date":176,"score":167,"percentile":177},"2026-06-18",0.45123,{"date":179,"score":167,"percentile":180},"2026-06-19",0.45119,{"date":182,"score":167,"percentile":183},"2026-06-20",0.45113,{"date":185,"score":167,"percentile":186},"2026-06-21",0.45101,{"date":188,"score":167,"percentile":189},"2026-06-22",0.45095,{"date":80,"score":191,"percentile":192},0.00895,0.54838,{"date":194,"score":195,"percentile":196},"2026-06-24",0.01825,0.76032,{"date":88,"score":54,"percentile":89},[199,202],{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":200,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":201,"vectorString":59,"impactScore":56,"exploitabilityScore":56},"CRITICAL",{"source":64,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":203,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":201,"vectorString":59,"impactScore":56,"exploitabilityScore":56},[205,215,220,225,232,237,242,247,252,257,262,267,272,277,284,289,294,299,304,309,314,319,326,331,336,341,346,353,358,363,368,373],{"ecosystem":9,"name":206,"vendor":207,"product":208,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":210},"EFG","ubiquiti inc","efg","a",[211],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},"\u003C 5.1.12","5.1.12","excluding",{"ecosystem":9,"name":216,"vendor":207,"product":217,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":218},"ENVR","envr",[219],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":221,"vendor":207,"product":222,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":223},"ENVR-Core","envr-core",[224],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":226,"vendor":207,"product":227,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":228},"Express","express",[229],{"version":230,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":231,"version_end_type":214,"fixed_in":9},"\u003C 4.0.14","4.0.14",{"ecosystem":9,"name":233,"vendor":207,"product":234,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":235},"Express 7","express 7",[236],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":238,"vendor":207,"product":239,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":240},"UCG-Fiber","ucg-fiber",[241],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":243,"vendor":207,"product":244,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":245},"UCG-Industrial","ucg-industrial",[246],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":248,"vendor":207,"product":249,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":250},"UCG-Max","ucg-max",[251],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":253,"vendor":207,"product":254,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":255},"UCG-Ultra","ucg-ultra",[256],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":258,"vendor":207,"product":259,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":260},"UCK","uck",[261],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":263,"vendor":207,"product":264,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":265},"UCK-Enterprise","uck-enterprise",[266],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":268,"vendor":207,"product":269,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":270},"UCKP","uckp",[271],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":273,"vendor":207,"product":274,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":275},"UDM","udm",[276],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":278,"vendor":207,"product":279,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":280},"UDM-Beast","udm-beast",[281],{"version":282,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":283,"version_end_type":214,"fixed_in":9},"\u003C 5.1.11","5.1.11",{"ecosystem":9,"name":285,"vendor":207,"product":286,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":287},"UDM-Pro","udm-pro",[288],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":290,"vendor":207,"product":291,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":292},"UDM-Pro-Max","udm-pro-max",[293],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":295,"vendor":207,"product":296,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":297},"UDM-SE","udm-se",[298],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":300,"vendor":207,"product":301,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":302},"UDR","udr",[303],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":305,"vendor":207,"product":306,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":307},"UDR-5G","udr-5g",[308],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":310,"vendor":207,"product":311,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":312},"UDR7","udr7",[313],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":315,"vendor":207,"product":316,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":317},"UDW","udw",[318],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":320,"vendor":207,"product":321,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":322},"UNAS-2","unas-2",[323],{"version":324,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":214,"fixed_in":9},"\u003C 5.1.10","5.1.10",{"ecosystem":9,"name":327,"vendor":207,"product":328,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":329},"UNAS-4","unas-4",[330],{"version":324,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":332,"vendor":207,"product":333,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":334},"UNAS-Pro","unas-pro",[335],{"version":324,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":337,"vendor":207,"product":338,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":339},"UNAS-Pro-4","unas-pro-4",[340],{"version":324,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":342,"vendor":207,"product":343,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":344},"UNAS-Pro-8","unas-pro-8",[345],{"version":324,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":325,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":347,"vendor":207,"product":348,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":349},"UniFi OS Server","unifi os server",[350],{"version":351,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":352,"version_end_type":214,"fixed_in":9},"\u003C 5.0.8","5.0.8",{"ecosystem":9,"name":354,"vendor":207,"product":355,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":356},"UNVR","unvr",[357],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":359,"vendor":207,"product":360,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":361},"UNVR-G2","unvr-g2",[362],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":364,"vendor":207,"product":365,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":366},"UNVR-G2-Pro","unvr-g2-pro",[367],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":369,"vendor":207,"product":370,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},"UNVR-Instant","unvr-instant",[372],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9},{"ecosystem":9,"name":374,"vendor":207,"product":375,"cpe_part":209,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":376},"UNVR-Pro","unvr-pro",[377],{"version":212,"is_range":50,"range_type":58,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":214,"fixed_in":9}]