A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HUi Unifi Os Server
APPUi< 5.0.8
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2026-34908CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Nieprawidłowa kontrola dostępu w UniFi OS — nieautoryzowane zmiany systemowe
CVE-2026-34909CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Path Traversal w UniFi OS — dostęp do plików systemowych i przejęcie konta
CVE-2026-34910CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Command Injection w UniFi OS via nieprawidłowa walidacja wejścia
CVE-2026-34911HIGH7.7ten sam produkt
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability f...
CVE-2010-5330CRITICAL9.8⚠ KEVten sam vendor
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) beca...