EUVD-2026-31384
GHSA-95fp-244g-g3vr
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
AnalysisAI
Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlying system, which can then be leveraged to take over an underlying account. The flaw carries a maximum CVSS 10.0 score reflecting unauthenticated network exploitation with scope change and full confidentiality, integrity, and availability impact across a broad fleet of UniFi gateways, cameras, NVRs, and NAS appliances. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
24 hours: Audit and inventory all UniFi devices; restrict management interface access to trusted administrative networks only. 7 days: Disable WAN management features across all UniFi OS devices; implement network segmentation isolating UniFi controllers and edge devices from general network traffic. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur
Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar
Command injection in Ubiquiti UniFi OS devices allows a high-privileged attacker on the network to execute arbitrary ope
Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary file
Share
External POC / Exploit Code
Leaving vuln.today