Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Security Flaw Found in Ubiquiti UniFi OS Could Let Hackers Access Your Network

A serious security weakness has been found in Ubiquiti's UniFi OS software that is actively being exploited by attackers. This flaw could allow unauthorised users to access sensitive parts of your network, posing a risk to businesses using this common networking system.

24 June 2026

Reference: CVE-2026-34909

1. What is being reported?

The report highlights a 'path traversal' vulnerability in Ubiquiti's UniFi OS. This means attackers can trick the system into showing files or data they should not be able to see by manipulating file paths.

2. What this means in plain English

If your organisation uses UniFi OS, attackers might be able to access confidential information or disrupt your network by exploiting this flaw. This could lead to data breaches or network downtime.

3. Could this affect a small business?

Small businesses, charities, clubs, or trustees using Ubiquiti UniFi OS devices connected to the internet could be affected. If you do not use this product or it is not internet-facing, the risk is much lower.

4. What to do now

  • Check if your organisation uses Ubiquiti UniFi OS devices, especially those accessible from the internet.
  • Contact your IT provider or software supplier to confirm if mitigations or updates are available and apply them promptly.
  • If no fix is available, consider disconnecting affected devices from the internet until a solution is in place.
  • Ensure your organisation follows recommended security update practices and monitors for unusual activity on your network.

5. Ask your IT provider

Can you confirm if our Ubiquiti UniFi OS devices are affected by CVE-2026-34909 and what steps are being taken to mitigate this known exploited vulnerability?

6. Bottom line

If you use Ubiquiti UniFi OS, act quickly to apply security measures to protect your network from active attacks.

Information based on CISA Known Exploited Vulnerabilities list and reputable security reporting.

Back to Vulnerability Briefs