vulnerability context

CVE-2026-34908

CVSS 10.0 CRITICALEPSS 6.3%CWE-284

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Published 2026-05-22 · last modified 2026-05-22

details

CISA KEV status: Not in catalog
CVSS v3: 10.0 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 6.3% percentile (score 0.0002)
CWE: CWE-284

View on NVD → · cve.org

source mentions 2

[OffSequence] CVE-2026-34908: Critical flaw hits Ubiquiti UniFi OS Server — unauthenticated attackers can gain full control remo...Bluesky · 19d ago
[TheHackerWire] 🔴 CVE-2026-34908 - Critical (10) A malicious actor with access to the network could exploit an Improper Access...Bluesky · 19d ago

source consensus

Bluesky2×

Want the 3-bullet summary of CVE-2026-34908, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →