CVE-2026-34908

CRITICAL CISA KEV POC TTE 18d Pub 22/05 Upd 24/06

Overview

This vulnerability is an Improper Access Control flaw affecting Ubiquiti UniFi OS Server and related firmware components. The root cause lies in insufficient enforcement of authorization checks within system management interfaces, allowing unauthorized network actors to interact with privileged functions. The affected components include UniFi OS devices and various UniFi Dream Machine firmware variants, where control mechanisms fail to restrict access to critical configuration endpoints.

Vulnerability Description

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Impact

An attacker with network access to UniFi OS devices can perform unauthorized system configuration changes without any authentication. This can lead to full compromise of device integrity, enabling persistent control, disruption of network services, or lateral movement within the environment. No user interaction or valid credentials are needed, making exploitation straightforward in exposed network segments. The breach of administrative controls can result in significant operational impact and potential data exposure within managed networks.

Solution

Ubiquiti has released Security Advisory Bulletin 064 addressing this issue for UniFi OS Server and affected firmware versions. Users should apply the updates as specified in the advisory available at https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b. The advisory details patched firmware versions and recommends immediate upgrade of UniFi OS Server and all impacted Dream Machine firmware to mitigate unauthorized access risks.

EPSS vs KEV Prediction — Evolution (30 days)

Full Analysis

The vulnerability in UniFi OS devices stems from improper access control mechanisms, which allow unauthorized users to gain elevated privileges within the system. This flaw arises when the system fails to adequately enforce permissions, enabling a malicious actor with network access to bypass security measures. The lack of stringent authentication and authorization checks can lead to significant security breaches, as attackers can manipulate system configurations, access sensitive data, or even disrupt services. The technical intricacies of this vulnerability highlight the importance of robust access control protocols, which are essential for maintaining the integrity and confidentiality of networked devices.

Attack vectors for exploiting this vulnerability are varied and can be executed through several methods. An attacker with basic network access could leverage tools to scan for vulnerable devices, subsequently exploiting the access control weaknesses to gain unauthorized entry. Once inside, the attacker could alter system settings, install malicious software, or exfiltrate sensitive information. Scenarios may include an insider threat, where a disgruntled employee exploits their access to cause harm, or an external attacker gaining entry through unsecured network connections. The potential for lateral movement within the network further amplifies the risk, as compromised devices can serve as launch pads for broader attacks against other connected systems.

The real-world impact of this vulnerability is profound, particularly for organizations relying on UniFi OS devices for critical operations. Unauthorized changes to system configurations can lead to service disruptions, data breaches, and financial losses. The business risk is compounded by the potential for reputational damage, as customers and partners may lose trust in an organization that fails to protect its systems adequately. Furthermore, regulatory implications may arise if sensitive data is compromised, leading to legal consequences and fines. Organizations must recognize that the ramifications of such vulnerabilities extend beyond immediate technical concerns, affecting overall business continuity and stakeholder confidence.

To detect and mitigate this vulnerability, organizations should implement a multi-layered security approach. Regular vulnerability assessments and penetration testing can help identify weaknesses in access controls before they can be exploited. Employing network segmentation can limit the potential impact of an attack by isolating critical systems from less secure areas of the network. Additionally, organizations should enforce strict access control policies, ensuring that only authorized personnel have the necessary permissions to make changes to system configurations. Continuous monitoring of network activity can also aid in the early detection of suspicious behavior, allowing for prompt incident response.

In conclusion, the improper access control vulnerability in UniFi OS devices poses a significant threat to organizations that utilize these systems. Understanding the technical details, potential attack vectors, and real-world implications is crucial for developing effective security strategies. By prioritizing detection and mitigation efforts, organizations can safeguard their networks against unauthorized access and maintain the integrity of their operations. As cybersecurity threats continue to evolve, proactive measures and a commitment to security best practices will be essential in defending against such vulnerabilities.

Affected Products (31)

Vendor Product Version CPE
ui Ui Unifi Os Server All cpe:2.3:a:ui:unifi_os_server:*:*:*:*:*:*:*:*
ui Ui Enterprise Fortress Gateway Firmware All cpe:2.3:o:ui:enterprise_fortress_gateway_firmware:*:*:*:*:*:*:*:*
ui Ui Enterprise Network Video Recorder Core Firmware All cpe:2.3:o:ui:enterprise_network_video_recorder_core_firmware:*:*:*:*:*:*:*:*
ui Ui Enterprise Network Video Recorder Firmware All cpe:2.3:o:ui:enterprise_network_video_recorder_firmware:*:*:*:*:*:*:*:*
ui Ui Unas 2 Firmware All cpe:2.3:o:ui:unas_2_firmware:*:*:*:*:*:*:*:*
ui Ui Unas 4 Firmware All cpe:2.3:o:ui:unas_4_firmware:*:*:*:*:*:*:*:*
ui Ui Unas Pro 4 Firmware All cpe:2.3:o:ui:unas_pro_4_firmware:*:*:*:*:*:*:*:*
ui Ui Unas Pro 8 Firmware All cpe:2.3:o:ui:unas_pro_8_firmware:*:*:*:*:*:*:*:*
ui Ui Unas Pro Firmware All cpe:2.3:o:ui:unas_pro_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloud Gateway Fiber Firmware All cpe:2.3:o:ui:unifi_cloud_gateway_fiber_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloud Gateway Industrial Firmware All cpe:2.3:o:ui:unifi_cloud_gateway_industrial_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloud Gateway Max Firmware All cpe:2.3:o:ui:unifi_cloud_gateway_max_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloud Gateway Ultra Firmware All cpe:2.3:o:ui:unifi_cloud_gateway_ultra_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloud Key Plus Firmware All cpe:2.3:o:ui:unifi_cloud_key_plus_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloudkey Enterprise Firmware All cpe:2.3:o:ui:unifi_cloudkey_enterprise_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Cloudkey Firmware All cpe:2.3:o:ui:unifi_cloudkey_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Dream Machine Beast Firmware All cpe:2.3:o:ui:unifi_dream_machine_beast_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Dream Machine Firmware All cpe:2.3:o:ui:unifi_dream_machine_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Dream Machine Pro Firmware All cpe:2.3:o:ui:unifi_dream_machine_pro_firmware:*:*:*:*:*:*:*:*
ui Ui Unifi Dream Machine Pro Max Firmware All cpe:2.3:o:ui:unifi_dream_machine_pro_max_firmware:*:*:*:*:*:*:*:*
+11 additional CPEs
Warning: The exploits and proof-of-concept (PoC) code listed below are sourced from third-party public repositories. CSURFACE assumes no responsibility for the content, accuracy, or safety of these resources. Use at your own risk. Learn more

GitHub PoCs (1)

Repository Author Stars Forks Date Link
BishopFox/CVE-2026-34908-check
Safely detect whether a UniFi OS Server is vulnerable to CVE-2026-34908
BishopFox 63 4 2026-06-05 View
Exploited in Wild CONFIRMED
Ransomware NOT ASSOCIATED
Attacker Interest MEDIUM
Sightings Few sightings

Threat Feed

16 events
2026-07-06
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-07-04
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-07-01
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-25
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-24
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-23
Threat Sensor Sighting — Some sightings

Sighting activity recorded

2026-06-23
Added to CISA KEV Catalog

CISA confirmed active exploitation — added to Known Exploited Vulnerabilities catalog

2026-06-19
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-09
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-09
Detected as Exploited in the Wild

Active exploitation confirmed — vendor: Ubiquiti, product: UniFi OS

2026-06-08
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-06
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-05
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-06-05
PoC Published (1 GitHub repositories)

Proof-of-concept code is publicly available for this vulnerability

2026-05-27
Threat Sensor Sighting — Few sightings

Sighting activity recorded

2026-05-26
Threat Sensor Sighting — Few sightings

Sighting activity recorded

Likely Kill Chain

Typical exploitation path inferred from this vulnerability's characteristics — mapped to MITRE ATT&CK tactics.

Applicable Out of scope
Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Priv. Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Lateral Movement
TA0008
Collection
TA0009
Impact
TA0040

Highlighted stages are those attackers typically reach when exploiting this CVE. Heuristic based on CWE families — refined by ML classifier when available.

Attack Vectors ML

Authorization Bypass
100% authz_bypass
Insecure Direct Object Reference
92% idor
Authentication Bypass
90% auth_bypass
Privilege Escalation
35% privilege_escalation

MITRE ATT&CK Techniques (0)

ATT&CK techniques pending

Techniques are derived from this CVE's kill chains once ML classification completes.

CAPEC Attack Patterns ML

ID Name ML Conf. Likelihood Severity Link
CAPEC-479 Malicious Root Certificate
33%
Low Low
CAPEC-578 Disable Security Software
33%
Medium Medium
CAPEC-552 Install Rootkit
33%
Medium High
CAPEC-558 Replace Trusted Executable
33%
Low High
CAPEC-478 Modification of Windows Service Configuration
33%
Low High

Red Team Playbook

AtomicRedTeam integration in progress

Executable commands will be auto-mapped to each ATT&CK technique of this CVE.

Detection & Response Rules

No detection or response rules found for this CVE.

No news articles found for this CVE.

References (4)

Title Tags URL
nvd.nist.gov
NVD reference
https://nvd.nist.gov/vuln/detail/CVE-2026-34908
community.ui.com
GitHub CVE
https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
cisa.gov
NVD API
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34908
pwndefend.com
NVD API
https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/