Vulnerabilities
Vulnerable Software
Ui:  >> Unifi Cloud Key Plus Firmware  Security Vulnerabilities
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-07-02
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-07-02
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.
CVSS Score
7.7
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
CVSS Score
9.9
EPSS Score
0.009
Published
2026-07-02
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
CVSS Score
8.6
EPSS Score
0.005
Published
2026-07-02
CVE-2026-34908
Known exploited
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVSS Score
10.0
EPSS Score
0.025
Published
2026-05-22
CVE-2026-34909
Known exploited
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
CVSS Score
10.0
EPSS Score
0.023
Published
2026-05-22
CVE-2026-34910
Known exploited
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVSS Score
10.0
EPSS Score
0.786
Published
2026-05-22
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
CVSS Score
7.7
EPSS Score
0.007
Published
2026-05-22


Contact Us

Shodan ® - All rights reserved