LiveActive security incident?Get immediate response
CVE Record

CVE-2026-34910: A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found...

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

CriticalCVSS 10Known exploitedUpdated
Glexia's TakeAutomated analysiscritical

Security readout for executives and security teams

Plain-English summary

CVE-2026-34910 is a critical Ubiquiti UniFi OS command-injection issue. A network-accessible attacker may be able to run commands on affected devices without authentication or user interaction. CISA lists it as known exploited, and a third-party report describes in-the-wild botnet activity, making prompt review and remediation urgent.

Executive priority

Treat as an emergency verification and remediation item. The combination of CVSS 10.0, unauthenticated network attack characteristics, and CISA KEV listing indicates high business risk, especially for exposed UniFi OS infrastructure.

Technical view

The CVE describes improper input validation in UniFi OS devices leading to command injection. CVSS 3.1 is 10.0 with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The source bundle’s affected-product data is ambiguous because listed products show version “0” and defaultStatus “unaffected,” so exact vulnerable versions must be confirmed from Ubiquiti’s advisory.

Likely exposure

Exposure is most concerning for UniFi OS devices reachable from untrusted networks or the internet. The bundle references UniFi OS Server and multiple UDM, UNVR, UDR, ENVR, and related appliances, but does not provide clear affected version ranges.

Exploitation context

Active exploitation is supported by CISA KEV inclusion. The referenced PwnDefend article title reports exploitation in the wild and botnet/Mirai activity. The provided sources do not include exploit mechanics, and none are repeated here.

Researcher notes

Evidence is strong for severity and exploitation, but incomplete for exact affected versions and fixed releases in the provided bundle. The CVE record’s affected data appears inconsistent with the narrative description, so rely on the Ubiquiti advisory for authoritative applicability.

Mitigation direction

  • Review Ubiquiti Security Advisory Bulletin 064 immediately for affected versions and updates.
  • Apply vendor-provided updates or remediation when confirmed applicable.
  • Restrict UniFi OS management access to trusted administrative networks.
  • Remove internet exposure for management interfaces where operationally possible.
  • Monitor for suspicious device behavior and unexpected outbound traffic.
  • Prioritize KEV-driven remediation in vulnerability management workflows.

Validation and detection

  • Inventory all UniFi OS devices and record model and firmware version.
  • Compare inventory against Ubiquiti’s advisory for CVE-2026-34910 applicability.
  • Confirm whether any management interfaces are internet reachable.
  • Check CISA KEV entry for current remediation expectations.
  • Review security logs for unusual authentication, configuration, or outbound activity.
  • Document remediation status and exceptions for all in-scope devices.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2026-34910 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Critical
CVSS
10 (3.1)
Known Exploited
Yes
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
5Timeline events
1ADP providers
4Source links

CISA KEV status

Status
Known exploited
Source
CISA-ADP
Date added
KEV reference

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: activeAutomatable: yesTechnical Impact: total

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
10CVSS 3.1CriticalCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H3.96hackerone

Vulnerability scoring details

Base CVSS 3.1 score

10Critical
CVSS 3.1 vector shape for CVE-2026-34910Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. Added to KEVCISA-ADP

    CISA Known Exploited Vulnerabilities metadata lists this CVE as known exploited.

  4. ADP timelineCISA-ADP

    CVE-2026-34910 added to CISA KEV

  5. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvcother:kev
  • 2026-06-23T00:00:00.000Z: CVE-2026-34910 added to CISA KEV
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Ubiquiti IncUniFi OS Server0unaffected
Ubiquiti IncUDM0unaffected
Ubiquiti IncUDM-Pro0unaffected
Ubiquiti IncUDM-SE0unaffected
Ubiquiti IncUDM-Pro-Max0unaffected
Ubiquiti IncUDM-Beast0unaffected
Ubiquiti IncEFG0unaffected
Ubiquiti IncUDW0unaffected
Ubiquiti IncUDR0unaffected
Ubiquiti IncUDR70unaffected
Ubiquiti IncUDR-5G0unaffected
Ubiquiti IncExpress 70unaffected
Ubiquiti IncUNVR0unaffected
Ubiquiti IncUNVR-Pro0unaffected
Ubiquiti IncUNVR-Instant0unaffected
Ubiquiti IncUNVR-G20unaffected
Ubiquiti IncUNVR-G2-Pro0unaffected
Ubiquiti IncENVR0unaffected
Ubiquiti IncENVR-Core0unaffected
Ubiquiti IncUNAS-20unaffected
Ubiquiti IncUNAS-40unaffected
Ubiquiti IncUNAS-Pro0unaffected
Ubiquiti IncUNAS-Pro-40unaffected
Ubiquiti IncUNAS-Pro-80unaffected
Ubiquiti IncUCKP0unaffected
Ubiquiti IncUCK0unaffected
Ubiquiti IncUCK-Enterprise0unaffected
Ubiquiti IncUCG-Ultra0unaffected
Ubiquiti IncUCG-Max0unaffected
Ubiquiti IncUCG-Fiber0unaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-20 · source CWE mapping

Improper Input Validation

Improper Input Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.