24 June 2026
Reference: CVE-2026-34909
1. What is being reported?
The report highlights a 'path traversal' vulnerability in Ubiquiti's UniFi OS. This means attackers can trick the system into showing files or data they should not be able to see by manipulating file paths.
2. What this means in plain English
If your organisation uses UniFi OS, attackers might be able to access confidential information or disrupt your network by exploiting this flaw. This could lead to data breaches or network downtime.
3. Could this affect a small business?
Small businesses, charities, clubs, or trustees using Ubiquiti UniFi OS devices connected to the internet could be affected. If you do not use this product or it is not internet-facing, the risk is much lower.
4. What to do now
- Check if your organisation uses Ubiquiti UniFi OS devices, especially those accessible from the internet.
- Contact your IT provider or software supplier to confirm if mitigations or updates are available and apply them promptly.
- If no fix is available, consider disconnecting affected devices from the internet until a solution is in place.
- Ensure your organisation follows recommended security update practices and monitors for unusual activity on your network.
5. Ask your IT provider
Can you confirm if our Ubiquiti UniFi OS devices are affected by CVE-2026-34909 and what steps are being taken to mitigate this known exploited vulnerability?
6. Bottom line
If you use Ubiquiti UniFi OS, act quickly to apply security measures to protect your network from active attacks.
Information based on CISA Known Exploited Vulnerabilities list and reputable security reporting.