Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
CVE-2026-34910: Unifi OS Command Injection through Malicious Network Access
CVE-2026-34910
Summary
Unifi OS devices can be compromised if an attacker is on the same network. This could allow the attacker to execute unauthorized system commands. To protect your network, ensure you keep UniFi OS software up to date and implement network segmentation.
Original title
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
Original description
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
nvd CVSS3.1
10.0
Vulnerability type
CWE-20
Improper Input Validation
Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 22 May 2026