Moole Vulnerability Database

Find real vulnerabilities before they ship

Critical

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

VectorNETWORK

PublishedMay 22, 2026, 02:16

Published Bysupport@hackerone.com

Base Score

Score10

Affected Versions

No affected versions found.

References

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

Weakness Type

CWE-284

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Base SeverityCritical

Version

3.1

Attack Vector (AV)

NETWORK