๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability
Summary
Ubiquiti UniFi OS has a path traversal vulnerability (a flaw that lets attackers access files outside their intended directory) that could allow someone on the network to read and modify system files to gain unauthorized account access. This vulnerability is currently being actively exploited by attackers in the wild.
Solution / Mitigation
Apply mitigations according to vendor instructions and follow CISA's BOD 26-04 guidance for prioritizing security updates based on risk. If mitigations are unavailable, discontinue use of the product. Organizations must evaluate each system's internet exposure and ensure adherence to BOD 26-04 patching guidelines by the due date of June 26, 2026. Refer to the Ubiquiti Security Advisory Bulletin 064 for specific patch details.
Vulnerability Details
EPSS: 0.9%
Yes
๐ฅ Actively Exploited
June 22, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34909
First tracked: June 23, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%