Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

unas_pro

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-34911
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.7||HIGH
EPSS-0.66% / 46.94%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 00:43
Updated-24 Jun, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-unifi_network_video_recorder_instant_firmwareunifi_cloud_gateway_fiberunifi_dream_machine_pro_firmwareenterprise_network_video_recorder_firmwareunifi_dream_machine_firmwareunifi_cloud_key_plus_firmwareunifi_cloudkey_firmwareunifi_network_video_recorder_g2_prounifi_express_7unifi_dream_machine_beast_firmwareunas_4_firmwareenterprise_fortress_gateway_firmwareunifi_express_7_firmwareunifi_cloud_gateway_fiber_firmwareunas_2_firmwareunas_pro_4_firmwareunifi_network_video_recorder_instantunifi_dream_machine_special_editionunas_pro_8_firmwareunifi_dream_machine_pro_max_firmwareunifi_network_video_recorder_firmwareunas_4unifi_cloud_gateway_maxunas_pro_4unifi_network_video_recorder_g2_firmwareunifi_dream_router_firmwareunifi_cloudkey_enterpriseenterprise_network_video_recorderunifi_cloud_gateway_industrial_firmwareunifi_cloud_key_plusunifi_dream_routerunifi_dream_wall_firmwareunifi_network_video_recorder_pro_firmwareunifi_dream_router_7_firmwareunifi_network_video_recorder_g2unifi_dream_router_5g_max_firmwareenterprise_fortress_gatewayenterprise_network_video_recorder_core_firmwareunifi_cloud_gateway_industrialunas_prounas_2unifi_dream_wallunifi_dream_machine_beastunas_pro_firmwareunifi_cloud_gateway_ultraunas_pro_8enterprise_network_video_recorder_coreunifi_os_serverunifi_network_video_recorderunifi_cloudkeyunifi_dream_router_7unifi_dream_machineunifi_dream_machine_pro_maxunifi_dream_router_5g_maxunifi_network_video_recorder_prounifi_network_video_recorder_g2_pro_firmwareunifi_cloud_gateway_max_firmwareunifi_dream_machine_prounifi_cloudkey_enterprise_firmwareunifi_cloud_gateway_ultra_firmwareunifi_dream_machine_special_edition_firmwareUniFi OS ServerUNVR-ProUDM-Pro-MaxUDRUNAS-4UNAS-Pro-4UDWUCG-UltraUNAS-2UCG-FiberUDR7EFGUNVR-InstantUDMUDM-SEUNVR-G2UCK-EnterpriseENVRUCG-MaxUCKExpress 7UDM-ProUCG-IndustrialUDM-BeastUCKPUDR-5GUNVRUNAS-Pro-8ENVR-CoreUNVR-G2-ProUNAS-Pro
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-34910
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-33.62% / 98.16%
||
7 Day CHG+29.11%
Published-22 May, 2026 | 00:43
Updated-24 Jun, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-06-26||Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-unifi_network_video_recorder_instant_firmwareunifi_cloud_gateway_fiberunifi_dream_machine_pro_firmwareenterprise_network_video_recorder_firmwareunifi_dream_machine_firmwareunifi_cloud_key_plus_firmwareunifi_cloudkey_firmwareunifi_network_video_recorder_g2_prounifi_express_7unifi_dream_machine_beast_firmwareunas_4_firmwareenterprise_fortress_gateway_firmwareunifi_express_7_firmwareunifi_cloud_gateway_fiber_firmwareunas_2_firmwareunas_pro_4_firmwareunifi_network_video_recorder_instantunifi_dream_machine_special_editionunas_pro_8_firmwareunifi_dream_machine_pro_max_firmwareunifi_network_video_recorder_firmwareunas_4unifi_cloud_gateway_maxunas_pro_4unifi_network_video_recorder_g2_firmwareunifi_dream_router_firmwareunifi_cloudkey_enterpriseenterprise_network_video_recorderunifi_cloud_gateway_industrial_firmwareunifi_cloud_key_plusunifi_dream_routerunifi_dream_wall_firmwareunifi_network_video_recorder_pro_firmwareunifi_dream_router_7_firmwareunifi_network_video_recorder_g2unifi_dream_router_5g_max_firmwareenterprise_fortress_gatewayenterprise_network_video_recorder_core_firmwareunifi_cloud_gateway_industrialunas_prounas_2unifi_dream_wallunifi_dream_machine_beastunas_pro_firmwareunifi_cloud_gateway_ultraunas_pro_8enterprise_network_video_recorder_coreunifi_os_serverunifi_network_video_recorderunifi_cloudkeyunifi_dream_router_7unifi_dream_machineunifi_dream_machine_pro_maxunifi_dream_router_5g_maxunifi_network_video_recorder_prounifi_network_video_recorder_g2_pro_firmwareunifi_cloud_gateway_max_firmwareunifi_dream_machine_prounifi_cloudkey_enterprise_firmwareunifi_cloud_gateway_ultra_firmwareunifi_dream_machine_special_edition_firmwareUNVR-G2UniFi OS ServerUNAS-2ENVR-CoreUCG-UltraUDM-Pro-MaxUNAS-4UCKUNVR-InstantUCK-EnterpriseUCG-MaxUNVR-ProUDMExpress 7UDM-SEENVRUDM-BeastEFGUDR7UNAS-Pro-8UDWUNVRUNAS-ProUDR-5GUNVR-G2-ProUCKPUCG-FiberUDM-ProUNAS-Pro-4UDRUCG-IndustrialUniFi OS
CWE ID-CWE-20
Improper Input Validation
CVE-2026-34908
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-0.86% / 53.74%
||
7 Day CHG+0.30%
Published-22 May, 2026 | 00:43
Updated-24 Jun, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-06-26||Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-unifi_network_video_recorder_instant_firmwareunifi_cloud_gateway_fiberunifi_dream_machine_pro_firmwareenterprise_network_video_recorder_firmwareunifi_dream_machine_firmwareunifi_cloud_key_plus_firmwareunifi_cloudkey_firmwareunifi_network_video_recorder_g2_prounifi_express_7unifi_dream_machine_beast_firmwareunas_4_firmwareenterprise_fortress_gateway_firmwareunifi_express_7_firmwareunifi_cloud_gateway_fiber_firmwareunas_2_firmwareunas_pro_4_firmwareunifi_network_video_recorder_instantunifi_dream_machine_special_editionunas_pro_8_firmwareunifi_dream_machine_pro_max_firmwareunifi_network_video_recorder_firmwareunas_4unifi_cloud_gateway_maxunas_pro_4unifi_network_video_recorder_g2_firmwareunifi_dream_router_firmwareunifi_cloudkey_enterpriseenterprise_network_video_recorderunifi_cloud_gateway_industrial_firmwareunifi_cloud_key_plusunifi_dream_routerunifi_dream_wall_firmwareunifi_network_video_recorder_pro_firmwareunifi_dream_router_7_firmwareunifi_network_video_recorder_g2unifi_dream_router_5g_max_firmwareenterprise_fortress_gatewayenterprise_network_video_recorder_core_firmwareunifi_cloud_gateway_industrialunas_prounas_2unifi_dream_wallunifi_dream_machine_beastunas_pro_firmwareunifi_cloud_gateway_ultraunas_pro_8enterprise_network_video_recorder_coreunifi_os_serverunifi_network_video_recorderunifi_cloudkeyunifi_dream_router_7unifi_dream_machineunifi_dream_machine_pro_maxunifi_dream_router_5g_maxunifi_network_video_recorder_prounifi_network_video_recorder_g2_pro_firmwareunifi_cloud_gateway_max_firmwareunifi_dream_machine_prounifi_cloudkey_enterprise_firmwareunifi_cloud_gateway_ultra_firmwareunifi_dream_machine_special_edition_firmwareUNVR-G2UniFi OS ServerUNAS-2ENVR-CoreUCG-UltraUDM-Pro-MaxUNAS-4UCKUNVR-InstantUCK-EnterpriseUCG-MaxUNVR-ProUDMExpress 7UDM-SEENVRUDM-BeastEFGUDR7UNAS-Pro-8UDWUNVRUNAS-ProUDR-5GUNVR-G2-ProUCKPUCG-FiberUDM-ProUNAS-Pro-4UDRUCG-IndustrialUniFi OS
CWE ID-CWE-284
Improper Access Control
CVE-2026-34909
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-10||CRITICAL
EPSS-0.90% / 54.84%
||
7 Day CHG+0.27%
Published-22 May, 2026 | 00:43
Updated-24 Jun, 2026 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-06-26||Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

Action-Not Available
Vendor-Ubiquiti Inc.
Product-unifi_network_video_recorder_instant_firmwareunifi_cloud_gateway_fiberunifi_dream_machine_pro_firmwareenterprise_network_video_recorder_firmwareunifi_dream_machine_firmwareunifi_expressunifi_cloud_key_plus_firmwareunifi_cloudkey_firmwareunifi_network_video_recorder_g2_prounifi_express_7unifi_dream_machine_beast_firmwareunas_4_firmwareenterprise_fortress_gateway_firmwareunifi_express_7_firmwareunifi_cloud_gateway_fiber_firmwareunas_2_firmwareunas_pro_4_firmwareunifi_express_firmwareunifi_network_video_recorder_instantunifi_dream_machine_special_editionunas_pro_8_firmwareunifi_dream_machine_pro_max_firmwareunifi_network_video_recorder_firmwareunas_4unifi_cloud_gateway_maxunas_pro_4unifi_network_video_recorder_g2_firmwareunifi_dream_router_firmwareunifi_cloudkey_enterpriseenterprise_network_video_recorderunifi_cloud_gateway_industrial_firmwareunifi_cloud_key_plusunifi_dream_routerunifi_dream_wall_firmwareunifi_network_video_recorder_pro_firmwareunifi_dream_router_7_firmwareunifi_network_video_recorder_g2unifi_dream_router_5g_max_firmwareenterprise_fortress_gatewayenterprise_network_video_recorder_core_firmwareunifi_cloud_gateway_industrialunas_prounas_2unifi_dream_wallunifi_dream_machine_beastunas_pro_firmwareunifi_cloud_gateway_ultraunas_pro_8enterprise_network_video_recorder_coreunifi_os_serverunifi_network_video_recorderunifi_cloudkeyunifi_dream_router_7unifi_dream_machineunifi_dream_machine_pro_maxunifi_dream_router_5g_maxunifi_network_video_recorder_prounifi_network_video_recorder_g2_pro_firmwareunifi_cloud_gateway_max_firmwareunifi_dream_machine_prounifi_cloudkey_enterprise_firmwareunifi_cloud_gateway_ultra_firmwareunifi_dream_machine_special_edition_firmwareUNVR-G2ENVR-CoreUCK-EnterpriseExpress 7UDM-SEENVREFGUDR7UDWUNVRUDR-5GUDM-ProUNAS-Pro-4UDRUniFi OS ServerUNAS-2UCG-UltraUDM-Pro-MaxUNAS-4UCKExpressUNVR-InstantUNVR-ProUCG-MaxUDMUDM-BeastUNAS-Pro-8UNAS-ProUNVR-G2-ProUCKPUCG-FiberUCG-IndustrialUniFi OS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')