Improper Access Control in UniFi OS Enables Unauthorized System Changes
CVE-2026-34908 Published on May 22, 2026
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Known Exploited Vulnerability
This Ubiquiti UniFi OS Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
The following remediation steps are recommended / required by June 26, 2026: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicab
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-34908 has been classified as an Authorization vulnerability or weakness.
Affected Versions
Ubiquiti Inc UniFi OS Server:
- Before 5.0.8 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.11 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.10 is affected.
- Before 5.1.10 is affected.
- Before 5.1.10 is affected.
- Before 5.1.10 is affected.
- Before 5.1.10 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
- Before 5.1.12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.