CVE-2026-34909 — Ubiquiti UniFi OS Path Traversal Vulnerability

Description

Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.

How to fix CVE-2026-34909

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2026-34909 being exploited?

Yes — CVE-2026-34909 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.