Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

UNAS-2

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-34911
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.7||HIGH
EPSS-0.01% / 1.65%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 00:43
Updated-22 May, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UniFi OS ServerUNVR-ProUDM-Pro-MaxUDRUNAS-4UNAS-Pro-4UDWUCG-UltraUNAS-2UCG-FiberUDR7EFGUNVR-InstantUDMUDM-SEUNVR-G2UCK-EnterpriseENVRUCG-MaxUCKExpress 7UDM-ProUCG-IndustrialUDM-BeastUCKPUDR-5GUNVRUNAS-Pro-8ENVR-CoreUNVR-G2-ProUNAS-Pro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-34910
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-0.10% / 26.41%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 00:43
Updated-23 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UniFi OS ServerUNVR-ProUDM-Pro-MaxUDRUNAS-4UNAS-Pro-4UDWUCG-UltraUNAS-2UCG-FiberUDR7EFGUNVR-InstantUDMUDM-SEUNVR-G2UCK-EnterpriseENVRUCG-MaxUCKExpress 7UDM-ProUCG-IndustrialUDM-BeastUCKPUDR-5GUNVRUNAS-Pro-8ENVR-CoreUNVR-G2-ProUNAS-Pro
CWE ID-CWE-20
Improper Input Validation
CVE-2026-34908
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-0.02% / 4.57%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 00:43
Updated-23 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UniFi OS ServerUNVR-ProUDM-Pro-MaxUDRUNAS-4UNAS-Pro-4UDWUCG-UltraUNAS-2UCG-FiberUDR7EFGUNVR-InstantUDMUDM-SEUNVR-G2UCK-EnterpriseENVRUCG-MaxUCKExpress 7UDM-ProUCG-IndustrialUDM-BeastUCKPUDR-5GUNVRUNAS-Pro-8ENVR-CoreUNVR-G2-ProUNAS-Pro
CWE ID-CWE-284
Improper Access Control
CVE-2026-34909
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-0.02% / 6.84%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 00:43
Updated-22 May, 2026 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-UDWUCG-UltraUNAS-2UCG-FiberENVRUNAS-ProUCKUDM-ProUDM-BeastUCKPUNAS-Pro-8ExpressUNVR-G2-ProUniFi OS ServerUNVR-ProUDM-Pro-MaxUDRUNAS-4UNAS-Pro-4UDR7EFGUNVR-InstantUDMUDM-SEUNVR-G2UCK-EnterpriseUCG-MaxUCG-IndustrialUDR-5GUNVRENVR-CoreExpress 7
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')