CVE Tools
Back to feed
SecurityWeek ·EN-US News source

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs

By Ionut Arghire··2 min read
CVE Tools coverage

CISA says threat actors are targeting multiple critical vulnerabilities in Ubiquiti UniFi OS devices—tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 (CVSS 10.0)—which were patched by Ubiquiti last month. These issues include an authentication access control bypass (CVE-2026-34908), a path traversal that can enable manipulation of OS files to reach underlying accounts (CVE-2026-34909), and a command injection reachable over the network (CVE-2026-34910). Because UniFi OS is used for centralized infrastructure management, exploitation could enable attackers to gain footholds and move laterally; CISA added the three CVEs to its Known Exploited Vulnerabilities catalog, urging rapid remediation.