Threat Feed

Tag

Unifi

6 briefs
critical advisory

Multiple Critical Vulnerabilities in Ubiquiti UniFi OS

Ubiquiti has addressed multiple critical vulnerabilities including CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, and CVE-2026-33000 in UniFi OS, which could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems.

UniFi OS vulnerability unifi command_injection path_traversal improper_access_control
2r 1t 4c
critical advisory

UniFi Play Path Traversal Vulnerability (CVE-2026-22562)

A path traversal vulnerability in UniFi Play devices allows an attacker with network access to write arbitrary files, leading to remote code execution.

path-traversal rce unifi
2r 2t 1c
medium advisory

UniFi Play Improper Access Control Vulnerability (CVE-2026-22566)

An improper access control vulnerability in UniFi Play PowerAmp and Audio Port allows a malicious actor with access to the UniFi Play network to obtain WiFi credentials.

vulnerability access-control unifi
2r 1t 1c
critical advisory

UniFi Play Command Injection Vulnerability (CVE-2026-22563)

A malicious actor with access to the UniFi Play network can exploit improper input validation vulnerabilities (CVE-2026-22563) in UniFi Play PowerAmp and Audio Port to inject commands, potentially leading to arbitrary code execution.

command-injection unifi cve-2026-22563
2r 1t 1c 1i
high advisory

UniFi Network Controller Improper Certificate Verification Vulnerability (CVE-2019-25652)

UniFi Network Controller versions before 5.10.22 and 5.11.x before 5.11.18 contain an improper certificate verification vulnerability, enabling adjacent network attackers to perform man-in-the-middle attacks by presenting a fraudulent SSL certificate during SMTP connections to intercept traffic and steal credentials.

unifi mitm credential-theft cve-2019-25652
2r 2t
critical advisory

UniFi Network Application Vulnerabilities CVE-2026-22557 and CVE-2026-22558

A combination of path traversal (CVE-2026-22557) and NoSQL injection (CVE-2026-22558) vulnerabilities in the UniFi Network Application allows attackers to access files, escalate privileges, and potentially compromise the entire system.

unifi path-traversal nosql-injection cve-2026-22557 cve-2026-22558
2r 2t