{"vulnerability": "CVE-2026-3490", "sightings": [{"uuid": "0bb25315-ab97-47b1-a2d1-e6782cbb2498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34904", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mivjysy4ag27", "content": "", "creation_timestamp": "2026-04-07T10:10:20.293052Z"}, {"uuid": "879e25a8-5020-4b90-b9d0-989d2eb9926f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34903", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mivktshy7a2s", "content": "", "creation_timestamp": "2026-04-07T10:25:25.390990Z"}, {"uuid": "dac626e0-947f-4741-8942-a3bc1a9f286e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34904", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mivlfpd3jr2t", "content": "", "creation_timestamp": "2026-04-07T10:35:35.524890Z"}, {"uuid": "8d39becc-4676-4020-81b8-01ba4c254cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34904", "type": "seen", "source": "Telegram/_n08nA6gbjlNv-MhQAiKQpGqaP4NEyFlWKUx0Red_uQOWHE", "content": "", "creation_timestamp": "2026-04-07T13:55:24.000000Z"}, {"uuid": "00f67abd-e059-4433-aa5c-aca19a47b774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34909", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116617053903196416", "content": "\ud83d\udd12 CRITICAL: CVE-2026-34909 - Path Traversal in Ubiquiti UniFi OS Server (CVSS 10). Allows arbitrary file access & manipulation. No patch yet \u2014 restrict access & monitor! Details: https://radar.offseq.com/threat/cve-2026-34909-cwe-22-path-traversal-in-ubiquiti-i-4d93b8c5 #OffSeq #UniFi #Vuln #BlueTeam", "creation_timestamp": "2026-05-22T07:30:27.944130Z"}, {"uuid": "6d4dae7a-883e-4b62-9541-65ca6703adfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34909", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmgg2g4mix26", "content": "\u26a0\ufe0f Ubiquiti UniFi OS Server hit by critical Path Traversal flaw (CVSS 10). No patch yet \u2014 restrict access, monitor for threats. Full system compromise possible. https://radar.offseq.com/threat/cve-2026-34909-cwe-22-path-traversal-in-ubiquiti-i-4d93b8c5 #OffSeq #UniFi #SecurityAlert", "creation_timestamp": "2026-05-22T07:30:29.565922Z"}, {"uuid": "0a269d56-6c8e-4a88-97a0-e7d6f9026245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://t.me/true_secator/8245", "content": "Ubiquiti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 UniFi OS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\nUniFi OS - \u044d\u0442\u043e \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u044f\u0445 UniFi \u0438 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0435\u0442\u0438, \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 UniFi, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a UniFi Network, UniFi Protect, UniFi Access, UniFi Talk \u0438 UniFi Connect.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-34908 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 UniFi OS.\u0451\n\n\u0412\u0442\u043e\u0440\u0430\u044f (CVE-2026-34909) \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 (Path Traversal), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2026-34910) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Ubiquiti \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0442\u043e\u0440\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 (CVE-2026-33000) \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CVE-2026-34911), \u043e\u0431\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u0431\u0430\u0437\u0435 Unifi OS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043a\u0430 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442, \u0431\u044b\u043b\u0438 \u043b\u0438 \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043e \u0438\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a HackerOne.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Censys \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 100 000 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0441\u0435\u0442\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 UniFi OS, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 (\u043f\u043e\u0447\u0442\u0438 50 000 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432) \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0432 \u0421\u0428\u0410.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0442\u043e\u043c, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043d\u0438\u0445 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f Ubiquiti \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u043c\u0438\u0448\u0435\u043d\u044f\u043c\u0438 \u043a\u0430\u043a APT-\u0433\u0440\u0443\u043f\u043f, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0438\u0445 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432, \u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.", "creation_timestamp": "2026-05-26T16:30:06.000000Z"}, {"uuid": "31dcd43b-6805-4c13-9927-4e7a366359d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://t.me/true_secator/8245", "content": "Ubiquiti \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 UniFi OS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0431\u0435\u0437 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\nUniFi OS - \u044d\u0442\u043e \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u041e\u0421, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u044f\u0445 UniFi \u0438 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0418\u0422-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0441\u0435\u0442\u0438, \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 UniFi, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a UniFi Network, UniFi Protect, UniFi Access, UniFi Talk \u0438 UniFi Connect.\n\n\u041f\u0435\u0440\u0432\u0430\u044f CVE-2026-34908 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u043e\u0441\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432 UniFi OS.\u0451\n\n\u0412\u0442\u043e\u0440\u0430\u044f (CVE-2026-34909) \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0444\u0430\u0439\u043b\u0430\u043c \u0432 \u0431\u0430\u0437\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 (Path Traversal), \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVE-2026-34910) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Ubiquiti \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0432\u0442\u043e\u0440\u0443\u044e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 (CVE-2026-33000) \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0443\u044e \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0432\u0430\u0436\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CVE-2026-34911), \u043e\u0431\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u0431\u0430\u0437\u0435 Unifi OS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043f\u043e\u043a\u0430 \u043d\u0435 \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u0442, \u0431\u044b\u043b\u0438 \u043b\u0438 \u043a\u0430\u043a\u0438\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043e \u0438\u0445 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u043d\u043e \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430, \u0447\u0442\u043e \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043e\u043a HackerOne.\n\n\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Censys \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u0447\u0442\u0438 100 000 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0445 \u043a \u0441\u0435\u0442\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 UniFi OS, \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 (\u043f\u043e\u0447\u0442\u0438 50 000 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432) \u0440\u0430\u0441\u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442\u0441\u044f \u0432 \u0421\u0428\u0410.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043d\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0442\u043e\u043c, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043d\u0438\u0445 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0449\u0438\u0442\u0438\u0442\u044c \u043e\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u043e\u043c\u043d\u0438\u0442\u044c, \u0447\u0442\u043e \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0433\u043e\u0434\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f Ubiquiti \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u043c\u0438\u0448\u0435\u043d\u044f\u043c\u0438 \u043a\u0430\u043a APT-\u0433\u0440\u0443\u043f\u043f, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0438\u0445 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432, \u0441\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432.", "creation_timestamp": "2026-05-26T16:30:06.000000Z"}, {"uuid": "e1845c80-1af4-41a5-81b4-3477bd5bf639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-ubiquiti-has-addressed-multiple-critical-vulnerabilities-unifi-os-patch", "content": "", "creation_timestamp": "2026-05-26T09:13:20.000000Z"}, {"uuid": "28ae5e00-67bb-4f53-99e1-06a89f6569d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-ubiquiti-has-addressed-multiple-critical-vulnerabilities-unifi-os-patch", "content": "", "creation_timestamp": "2026-05-26T09:13:20.000000Z"}, {"uuid": "43d4906d-cd8a-4607-9365-148ef09a7e05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://www.acn.gov.it/portale/w/ubiquiti-rilevate-nuove-vulnerabilita-1", "content": "", "creation_timestamp": "2026-05-27T06:38:42.000000Z"}, {"uuid": "bd4d8905-b066-4368-b3c9-82d7cb5b0c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://www.acn.gov.it/portale/w/ubiquiti-rilevate-nuove-vulnerabilita-1", "content": "", "creation_timestamp": "2026-05-27T06:38:42.000000Z"}, {"uuid": "a22af2ee-4cce-49a0-912b-b19ad3e98154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34906", "type": "seen", "source": "https://cert.pl/en/posts/2026/06/CVE-2026-34906", "content": "", "creation_timestamp": "2026-06-02T03:55:00.000000Z"}, {"uuid": "75c3554c-a621-4441-b4c6-9272106999b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34907", "type": "seen", "source": "https://cert.pl/en/posts/2026/06/CVE-2026-34906", "content": "", "creation_timestamp": "2026-06-02T03:55:00.000000Z"}, {"uuid": "fdf3f8ca-24e7-423f-a009-17624d96f3aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34906", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116680047071361908", "content": "\ud83d\udea8 CRITICAL: CVE-2026-34906 in Simple SA Wirtualna Uczelnia enables unauthenticated RCE via SSTI in redirectToUrl. No patch yet \u2014 restrict access & monitor for exploitation. https://radar.offseq.com/threat/cve-2026-34906-cwe-1336-improper-neutralization-of-6a6ef566 #OffSeq #CVE202634906 #infosec #RCE", "creation_timestamp": "2026-06-02T10:30:28.967652Z"}, {"uuid": "e08a96fc-c3c5-4a29-9e29-8de68861b777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34906", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnciskfj652j", "content": "CVE-2026-34906 - Server-Side Template Injection (SSTI) in Wirtualna Uczelnia\nCVE ID : CVE-2026-34906\n \n Published : June 2, 2026, 10:16 a.m. | 57\u00a0minutes ago\n \n Description : Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perf...", "creation_timestamp": "2026-06-02T11:34:19.159091Z"}, {"uuid": "2750fb37-eb81-4558-90ca-5ae3e4818f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34907", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnconxngwd2f", "content": "CVE-2026-34907 - Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia\nCVE ID : CVE-2026-34907\n \n Published : June 2, 2026, 10:16 a.m. | 2\u00a0hours, 16\u00a0minutes ago\n \n Description : Wirtualna Uczelnia is vulnerable to Reflected Cross\u2011Site Scripting (XSS) due to insecure handl...", "creation_timestamp": "2026-06-02T13:19:07.580280Z"}, {"uuid": "6dfa1620-499d-4c0a-b2c6-bae89f204854", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnsb66zos427", "content": "UniFi OS Server flaws CVE-2026-34908, -34909, and -34910 can be chained for unauthenticated root RCE. Bishop Fox released detection guidance, and version 5.0.8+ fixes the issue. #UniFiOSServer #BishopFox #CVE2026", "creation_timestamp": "2026-06-08T18:00:16.104306Z"}, {"uuid": "f184255e-657a-48d7-8ae9-7ab91f28cc9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-34908", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mnsmvnetss2e", "content": "\ud83d\udce2 RCE non authentifi\u00e9e sur UniFi OS Server : cha\u00eene de vuln\u00e9rabilit\u00e9s CVSS 10.0 (CVE-2026-34908/09/10)\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nLe 5 juin 20\u2026\nhttps://cyberveille.ch/posts/2026-06-08-rce-non-authentifiee-sur-unifi-os-server-chaine-de-vulnerabilites-cvss-10-0-cve-2026-34908-09-10/ #CVE_2026_33000 #Cyberveille", "creation_timestamp": "2026-06-08T21:30:13.368588Z"}, {"uuid": "151de027-0659-4671-ac65-c81f953afdd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34905", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mntp3uzupp2m", "content": "CVE-2026-34905: Apache Answer: Unlisted Questions Accessible via Direct API Access", "creation_timestamp": "2026-06-09T07:42:09.950792Z"}, {"uuid": "b17c8ad4-bf73-4ed7-8e6e-12728659b0b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116719977777948801", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/", "creation_timestamp": "2026-06-09T11:45:20.896392Z"}, {"uuid": "c09dd812-fa61-4898-ba8b-93a8e3adef35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116719977777948801", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. https://www.bleepingcomputer.com/news/security/critical-unifi-os-bug-lets-hackers-gain-root-without-authentication/", "creation_timestamp": "2026-06-09T11:45:21.061604Z"}, {"uuid": "d0018ceb-ff28-4231-b8ab-1b94293bb032", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3mnu4pot3nk2c", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. www.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-06-09T11:45:54.671903Z"}, {"uuid": "b09ea98a-babf-437c-a519-5e3f8d2fcee4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3mnu4pot3nk2c", "content": "The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. www.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-06-09T11:45:54.834623Z"}, {"uuid": "0db5aed6-e2e1-4b7d-93eb-83d63e46657a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34902", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mofybxl2vi2a", "content": "CVE-2026-34902 - Stored XSS in WooCommerce Product Table Lite <=4.6.3. Unauthenticated. CVSS 7.1. No patch available yet. Disable the plugin or restrict access now. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-34902/", "creation_timestamp": "2026-06-16T14:14:33.373702Z"}, {"uuid": "04957fd8-66cc-4a85-a6bd-727b28f84d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3490", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiuynehzl2h", "content": "CVE-2026-3490 - picklescan - Universal Blocklist Bypass via pkgutil.resolve_name\nCVE ID : CVE-2026-3490\n \n Published : June 17, 2026, 3:05 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass t...", "creation_timestamp": "2026-06-17T17:53:38.282961Z"}, {"uuid": "86504311-5bab-4452-bc54-51c879d7a1d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3490", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-vvpj-8cmc-gx39", "content": "", "creation_timestamp": "2026-03-03T20:04:20.000000Z"}, {"uuid": "68b97190-65d3-4c3e-880e-28175f610c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "published-proof-of-concept", "source": "Telegram/W-BstS2sxzpT1SDkHyjlsIamuXXiBOcPBpT1K5nG9xwff0M", "content": "", "creation_timestamp": "2026-06-06T03:00:05.000000Z"}, {"uuid": "825ffb7a-47c4-4a4a-863c-d61e49021170", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "published-proof-of-concept", "source": "Telegram/1Tp9gAYieV3gt1d0MoBY64nHqDv_m6V6jL0j-bOBPsb9Bgk", "content": "", "creation_timestamp": "2026-06-05T23:00:15.000000Z"}, {"uuid": "4fbdcd6c-0358-4e59-8cb2-739a6a2f1bec", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ba2de44b-a107-41a8-8b70-492e99f4ec6f", "content": "", "creation_timestamp": "2026-06-19T12:45:07.737361Z"}, {"uuid": "f17e369f-8660-4503-867a-3badaa0db5a6", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/30343c68-c9cc-40e9-9f19-463f65b5e267", "content": "", "creation_timestamp": "2026-06-19T12:45:07.828608Z"}, {"uuid": "04b8a562-40f5-4180-82ec-b8dce947aa21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moxejgzkg22n", "content": "Ubiquiti\u88fd\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306e\u300cUniFi OS\u300d\u306b\u30af\u30ea\u30c6\u30a3\u30ab\u30eb\u8106\u5f31\u6027\n\nUbiquiti\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b\u300cUniFi OS\u300d\u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u5224\u660e\u3057\u305f\u3002\u6df1\u523b\u306a\u8106\u5f31\u6027\u3082\u8907\u6570\u542b\u307e\u308c\u308b\u3002\n\n...\n\n\u300cCVE-2026-34908\u300d\u306f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u4e0d\u5099\u306e\u8106\u5f31\u6027\u3002\u30ea\u30e2\u30fc\u30c8\u3088\u308a\u8a8d\u8a3c\u3092\u5fc5\u8981\u3068\u3059\u308b\u3053\u3068\u306a\u304f\u30b7\u30b9\u30c6\u30e0\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3067\u304d\u308b\u3002\n\n\u3055\u3089\u306b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u300cCVE-2026-34909\u300d\u3084\u3001\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u300cCVE-2026-34910\u300d\u306a\u3069\u3082\u78ba\u8a8d\u3055\u308c\u305f\u3002", "creation_timestamp": "2026-06-23T12:08:44.467052Z"}, {"uuid": "169fe41d-d223-42fd-8f2a-1ed16da6080c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3moxejgzkg22n", "content": "Ubiquiti\u88fd\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306e\u300cUniFi OS\u300d\u306b\u30af\u30ea\u30c6\u30a3\u30ab\u30eb\u8106\u5f31\u6027\n\nUbiquiti\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306b\u642d\u8f09\u3055\u308c\u3066\u3044\u308b\u300cUniFi OS\u300d\u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u5224\u660e\u3057\u305f\u3002\u6df1\u523b\u306a\u8106\u5f31\u6027\u3082\u8907\u6570\u542b\u307e\u308c\u308b\u3002\n\n...\n\n\u300cCVE-2026-34908\u300d\u306f\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u4e0d\u5099\u306e\u8106\u5f31\u6027\u3002\u30ea\u30e2\u30fc\u30c8\u3088\u308a\u8a8d\u8a3c\u3092\u5fc5\u8981\u3068\u3059\u308b\u3053\u3068\u306a\u304f\u30b7\u30b9\u30c6\u30e0\u306e\u8a2d\u5b9a\u3092\u5909\u66f4\u3067\u304d\u308b\u3002\n\n\u3055\u3089\u306b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u300cCVE-2026-34909\u300d\u3084\u3001\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u300cCVE-2026-34910\u300d\u306a\u3069\u3082\u78ba\u8a8d\u3055\u308c\u305f\u3002", "creation_timestamp": "2026-06-23T12:08:44.510243Z"}, {"uuid": "03ebf660-2656-4a22-90c1-16b8b499faa3", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/de3af882-4d92-4a98-a92c-c025d4818825", "content": "", "creation_timestamp": "2026-06-23T14:02:58.876169Z"}, {"uuid": "45981302-29a2-4eab-9d2d-82ab25e71220", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4c2ac14b-8057-44c2-8780-186c987089b2", "content": "", "creation_timestamp": "2026-06-23T14:02:58.967058Z"}, {"uuid": "3ce3b00f-6b6b-4804-b078-44dcf855c4d2", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ae12d4e6-8e25-4665-9581-2d437ce5b644", "content": "", "creation_timestamp": "2026-06-23T18:00:02.510704Z"}, {"uuid": "16fa22c9-ad7c-44a0-a5c4-025bb5c65836", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bf6acc59-fb29-4fa8-8d1c-f32c78f9f8f3", "content": "", "creation_timestamp": "2026-06-23T18:00:02.589393Z"}, {"uuid": "69f3d3d4-bcfb-4982-bc4c-615541c205fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://bsky.app/profile/cvesentinel.bsky.social/post/3moxyrlwezv2m", "content": "\ud83d\uded1 CVE-2026-34909\nUbiquiti UniFi OS\nCVSS 10.0 / EPSS 1% / KEV: No\nTL;DR: A malicious actor with access to the network could exploit a Path Traversal vulnerabilit\u2026\nhttps://cvesentinel.com/report/CVE-2026-34909?utm_source=bluesky&utm_medium=social&utm_campaign=cvesentinel\n#infosec #CVE #vulnerability", "creation_timestamp": "2026-06-23T18:11:12.920736Z"}, {"uuid": "fc5fde66-33b5-4856-b825-1071b5c65b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6817244", "content": "2026-06-23: [CVE-2026-34908] Ubiquiti UniFi OS Improper Access Control VulnerabilityUbiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.\ncisakev", "creation_timestamp": "2026-06-23T18:43:00.320273Z"}, {"uuid": "7331b005-6192-41ad-ab4e-6976e3d5d208", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6817245", "content": "2026-06-23: [CVE-2026-34909] Ubiquiti UniFi OS Path Traversal VulnerabilityUbiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.\ncisakev", "creation_timestamp": "2026-06-23T18:43:01.422610Z"}, {"uuid": "42611f6b-c1df-4f6f-837c-820d24c73ffe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116800974631729730", "content": "CISA has updated the KEV catalogue:\n-  CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34908\n-  CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34909\n-  CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34910\n-  CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-67038 #CISA #infosec #vulnerability", "creation_timestamp": "2026-06-23T19:03:54.837105Z"}, {"uuid": "f2b607c5-c715-4663-a5c0-2b1d8217c417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116800974631729730", "content": "CISA has updated the KEV catalogue:\n-  CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34908\n-  CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34909\n-  CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34910\n-  CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-67038 #CISA #infosec #vulnerability", "creation_timestamp": "2026-06-23T19:03:54.878391Z"}, {"uuid": "7cb56bc8-6441-4a40-8aa4-6b75c2eecded", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moy6knfu2c2z", "content": "\ud83d\udd34 EXPLOITED\n\nPatched in May. Being exploited in June.\n\nIf you self-host UniFi OS Server, anyone who can reach its web page can get root with no login.\n\nUpdate to 5.0.8 now and lock down who can reach it. (CVE-2026-34908/909/910)", "creation_timestamp": "2026-06-23T19:54:42.525621Z"}, {"uuid": "240910f6-3896-4ca8-a228-dc6928f0611d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/ubiquiti-security-advisory-av26-498", "content": "", "creation_timestamp": "2026-06-23T13:14:02.000000Z"}, {"uuid": "e2c4c5d4-643d-49be-ab58-850dbe136681", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-34909", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/ubiquiti-security-advisory-av26-498", "content": "", "creation_timestamp": "2026-06-23T13:14:02.000000Z"}, {"uuid": "6b329ed0-1a0b-45e5-8749-c45797d7d246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mozwu5rpct2w", "content": "Threat actors exploited three critical Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908/34909/34910) to bypass authentication, access/manipulate files, and execute command injection.\n", "creation_timestamp": "2026-06-24T12:42:25.590280Z"}, {"uuid": "0db9a27c-77c1-4a21-8c24-885758effb30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116805325963552354", "content": "CRITICAL UniFi OS vulnerabilities (CVE-2026-34908/09/10) allow remote, unauthenticated attackers to bypass auth and execute commands (pre-5.0.8). Exploited in the wild. Patch ASAP: https://radar.offseq.com/threat/critical-ubiquiti-vulnerabilities-in-attackers-cro-da638630474e46d7 #OffSeq #infosec #Ubiquiti #vulnerability", "creation_timestamp": "2026-06-24T13:30:31.472177Z"}, {"uuid": "0c6c25e1-59ba-479d-88aa-4059c689923e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-34908", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mp242uf3ov2y", "content": "CISA added 3 actively exploited Ubiquiti UniFi OS flaws, including CVE-2026-34908, -34909, and -34910. BishopFox says chained bugs can bypass auth, inject commands, and enable rogue admin creation. #Ubiquiti #UniFiOS #CISA", "creation_timestamp": "2026-06-24T14:15:24.622472Z"}]}