Ubiquiti UniFi OS Vulnerabilities Under Attack
Since the end of May 2026, critical security vulnerabilities in Ubiquiti UniFi OS have come to light. The manufacturer has released updated software to address these issues. However, some network administrators appear to be underestimating the seriousness of this situation, as attacks exploiting these weaknesses have been observed in the wild.
CISA’s Warning on Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added three significant security vulnerabilities in the Ubiquiti operating system to their “Known Exploited Vulnerabilities” catalog. This indicates that the agency is aware of active attacks against affected installations. The specific vulnerabilities being targeted include critical weaknesses that pose a serious risk to systems running Ubiquiti UniFi OS.
Overview of the Critical Vulnerabilities
Inadequate Access Control
One of the most severe vulnerabilities, identified as CVE-2026-34908, has a CVSS score of 10.0, marking it as critically high risk. Attackers with access to the local network can exploit poor access control on UniFi OS devices, enabling them to make unauthorized modifications. This gives malicious actors significant leverage over the affected systems.
Path Traversal Vulnerability
Another critical flaw, CVE-2026-34909, permits attackers to manipulate files in the underlying operating system. This Path Traversal vulnerability allows unauthorized access to sensitive files and gives hackers the ability to compromise system accounts. With a CVSS score of 10.0, it remains a significant threat.
Insufficient Input Validation
The third weakness, CVE-2026-34910, also receives a CVSS score of 10.0. This vulnerability stems from insufficient input validation, which allows attackers to inject arbitrary commands. Such exploitation can lead to unauthorized actions being executed on the device, resulting in severe repercussions for network integrity.
Recommendations for IT Professionals
In light of these vulnerabilities, IT administrators should take immediate action. It is crucial to check whether their Ubiquiti UniFi OS instances have been updated to at least version 5.1.12 or newer, or version 5.0.8 for UniFi OS Server. If not, administrators are urged to implement these updates without delay.
Currently, the CISA has provided no specific details regarding the attacks observed, leaving organizations vulnerable to undetected breaches. There are also no indications of successful compromises (Indicators of Compromise, IOC) available to assist admins in investigating their systems for signs of intrusion.
Additional Security Concerns
In addition to the vulnerabilities in Ubiquiti, CISA has raised alarms about another exploited weakness found in the Lantronix EDS5000. This issue involves an HTTP-RPC module that logs shell commands whenever login attempts fail. Attackers can potentially exploit the username parameter to execute commands with root privileges (CVE-2025-67038, CVSS 9.8). Organizations using affected versions should monitor for updates and apply them promptly.
Conclusion
With the ongoing threat landscape, vigilance is essential for all network administrators. Keeping software updated and being aware of vulnerabilities like those in Ubiquiti UniFi OS can be the difference between securing your network and suffering a potentially crippling attack. Organizations must stay informed and act decisively to mitigate these critical security risks.
