ГлавнаяУязвимости → CVE-2026-34909
10критическая

CVE-2026-34909

Описание

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Затрагиваемое ПО
Ui Unifi os serverUi Unifi cloud gateway industrial firmwareUi Unifi cloud gateway industrialUi Unifi dream machine firmwareUi Unifi dream machineUi Unifi dream machine pro firmwareUi Unifi dream machine proUi Unifi dream machine special edition firmwareUi Unifi dream machine special editionUi Unifi dream machine pro max firmwareUi Unifi dream machine pro maxUi Enterprise fortress gateway firmwareUi Enterprise fortress gatewayUi Unifi dream wall firmwareUi Unifi dream wallUi Unifi dream router firmwareUi Unifi dream routerUi Unifi dream router 7 firmwareUi Unifi dream router 7Ui Unifi express 7 firmwareUi Unifi express 7Ui Unifi network video recorder firmwareUi Unifi network video recorderUi Unifi network video recorder pro firmwareUi Unifi network video recorder pro
CVSS
Балл10 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963bhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34909https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/