125
CVEs
36
Critical
64
High
3
KEV
23
PoC
55
Unpatched C/H
39.2%
Patch Rate
1.0%
Avg EPSS
Severity Breakdown
CRITICAL
36
HIGH
64
MEDIUM
22
LOW
3
Monthly CVE Trend
Affected Products (30)
Express 7
14
Unifi Os Server
13
Unifi Network Application
9
Er X Sfp Firmware
8
Udr
8
Udr7
8
Efg
8
Er X Firmware
8
Udm Beast
8
Ucg Max
8
Ucg Fiber
8
Udr 5G
8
Udm Pro Max
8
Udm
8
Udm Se
8
Ucg Ultra
8
Ucg Industrial
8
Udm Pro
8
Udw
8
Unvr G2
7
Envr Core
7
Unvr Pro
7
Dream Routers
7
Unas Pro 8
7
Unas Pro 4
7
Unas 4
7
Cloud Gateways
7
Uck Enterprise
7
Unvr Instant
7
Unvr
7
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-34910 | Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute arbitrary operating system commands by sending crafted input that bypasses validation. The flaw carries a maximum CVSS 10.0 score with scope change (S:C) impacting confidentiality, integrity, and availability, and affects a broad fleet of UniFi gateways, NVRs, NAS units, and Cloud Keys. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. | CRITICAL | 10.0 | 0.1% | 120 |
KEV
PoC
|
| CVE-2026-34909 | Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlying system, which can then be leveraged to take over an underlying account. The flaw carries a maximum CVSS 10.0 score reflecting unauthenticated network exploitation with scope change and full confidentiality, integrity, and availability impact across a broad fleet of UniFi gateways, cameras, NVRs, and NAS appliances. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV. | CRITICAL | 10.0 | 0.0% | 120 |
KEV
PoC
|
| CVE-2026-34908 | Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configuration without authentication, affecting a broad range of UniFi gateways, dream machines, NVRs, NAS units, and cloud keys. The maximum CVSS 10.0 score reflects network-reachable, unauthenticated exploitation with scope change and full confidentiality, integrity, and availability impact; no public exploit identified at time of analysis, but the authentication bypass nature elevates urgency for any UniFi management plane exposed beyond trusted segments. | CRITICAL | 10.0 | 0.0% | 120 |
KEV
PoC
|
| CVE-2013-1606 | Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 21.8%. | HIGH | 7.5 | 21.8% | 79 |
PoC
No patch
|
| CVE-2026-22557 | A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attackers to access arbitrary files on the underlying system and manipulate them to gain account access. This vulnerability affects Ubiquiti's UniFi Network Application with a maximum CVSS score of 10.0, indicating critical severity with network-based exploitation requiring no user interaction or privileges. The vulnerability was reported through HackerOne, suggesting responsible disclosure, though current exploitation status in the wild is not confirmed. | CRITICAL | 10.0 | 0.0% | 70 |
PoC
No patch
|
| CVE-2023-24104 | Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.8% | 69 |
PoC
No patch
|
| CVE-2023-1458 | A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 3.3% | 69 |
PoC
No patch
|
| CVE-2016-7792 | Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 0.9% | 65 |
PoC
No patch
|
| CVE-2023-23912 | A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 0.9% | 64 |
PoC
No patch
|
| CVE-2023-2375 | A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.3 | 6.6% | 63 |
PoC
No patch
|
| CVE-2023-2374 | A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.3 | 4.5% | 61 |
PoC
No patch
|
| CVE-2023-2373 | A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.3 | 4.3% | 61 |
PoC
No patch
|
| CVE-2023-2376 | A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.3 | 4.3% | 61 |
PoC
No patch
|
| CVE-2023-2377 | A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.3 | 4.3% | 61 |
PoC
No patch
|
| CVE-2023-2378 | A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.3 | 4.3% | 61 |
PoC
No patch
|