SecurityWeek ·EN-US News source
Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
CVE Tools coverage
CISA says threat actors are targeting multiple critical vulnerabilities in Ubiquiti UniFi OS devices—tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 (CVSS 10.0)—which were patched by Ubiquiti last month. These issues include an authentication access control bypass (CVE-2026-34908), a path traversal that can enable manipulation of OS files to reach underlying accounts (CVE-2026-34909), and a command injection reachable over the network (CVE-2026-34910). Because UniFi OS is used for centralized infrastructure management, exploitation could enable attackers to gain footholds and move laterally; CISA added the three CVEs to its Known Exploited Vulnerabilities catalog, urging rapid remediation.