CVE-2026-34910

EUVD-2026-31382
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
uiunifi_os_server
𝑥
< 5.0.8
uiunifi_cloud_gateway_industrial_firmware
𝑥
< 5.1.12
uiunifi_dream_machine_firmware
𝑥
< 5.1.12
uiunifi_dream_machine_pro_firmware
𝑥
< 5.1.12
uiunifi_dream_machine_special_edition_firmware
𝑥
< 5.1.12
uiunifi_dream_machine_pro_max_firmware
𝑥
< 5.1.12
uienterprise_fortress_gateway_firmware
𝑥
< 5.1.12
uiunifi_dream_wall_firmware
𝑥
< 5.1.12
uiunifi_dream_router_firmware
𝑥
< 5.1.12
uiunifi_dream_router_7_firmware
𝑥
< 5.1.12
uiunifi_express_7_firmware
𝑥
< 5.1.12
uiunifi_network_video_recorder_firmware
𝑥
< 5.1.12
uiunifi_network_video_recorder_pro_firmware
𝑥
< 5.1.12
uiunifi_network_video_recorder_instant_firmware
𝑥
< 5.1.12
uienterprise_network_video_recorder_firmware
𝑥
< 5.1.12
uiunifi_cloud_gateway_ultra_firmware
𝑥
< 5.1.12
uiunifi_cloud_gateway_max_firmware
𝑥
< 5.1.12
uiunifi_cloud_gateway_fiber_firmware
𝑥
< 5.1.12
uiunifi_dream_router_5g_max_firmware
𝑥
< 5.1.12
uienterprise_network_video_recorder_core_firmware
𝑥
< 5.1.12
uiunifi_cloud_key_plus_firmware
𝑥
< 5.1.12
uiunifi_cloudkey_firmware
𝑥
< 5.1.12
uiunifi_cloudkey_enterprise_firmware
𝑥
< 5.1.12
uiunifi_network_video_recorder_g2_firmware
𝑥
< 5.1.12
uiunifi_network_video_recorder_g2_pro_firmware
𝑥
< 5.1.12
uiunifi_dream_machine_beast_firmware
𝑥
< 5.1.11
uiunas_2_firmware
𝑥
< 5.1.10
uiunas_4_firmware
𝑥
< 5.1.10
uiunas_pro_firmware
𝑥
< 5.1.10
uiunas_pro_4_firmware
𝑥
< 5.1.10
uiunas_pro_8_firmware
𝑥
< 5.1.10
𝑥
= Vulnerable software versions