
UniFi OS CVE-2026-34911

EUVD-2026-31387 | HIGH | Path Traversal (CWE-22)
2026-05-22 | hackerone | GHSA-m2r4-jq7j-hchx
CVSS 3.1: 7.7

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: May 22, 2026 - 02:01 (EUVD)
Analysis Generated: May 22, 2026 - 01:44 (vuln.today)

Description (NVD)

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.

Analysis (AI)

Path traversal in Ubiquiti UniFi OS devices allows authenticated low-privileged network attackers to read arbitrary files on the underlying device filesystem, enabling disclosure of sensitive information such as configuration data, credentials, or cryptographic material. The flaw (CVSS 7.7, scope-changed) affects a broad fleet of UniFi gateways, cloud keys, NVRs, and NAS appliances. …


Remediation (AI)

Within 24 hours: Identify all affected Ubiquiti UniFi OS devices in your environment and note their current firmware versions; check the Ubiquiti security advisory for the complete list of affected product models and versions.

Within 7 days: Implement network access controls restricting UniFi management interfaces to authorized administrator networks only; enable comprehensive audit logging on all UniFi devices; enforce least-privilege access for all user accounts with UniFi access. …

