BleepingComputer ·EN-US News source
CISA warns of max severity Ubiquiti flaws exploited in attacks
CVE Tools coverage
CISA says threat actors are taking advantage of high-impact vulnerabilities in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers, putting networks at risk of takeover and data exposure. The Ubiquiti issues listed as Known Exploited Vulnerabilities are CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, which enable unauthorized changes, sensitive file access, and remote command execution, respectively; Bishop Fox also showed they can be chained for full remote code execution. For Lantronix, CVE-2025-67038 is a critical root-level command injection in HTTP RPC affecting EDS5000 firmware 2.1.0.0R3, with mitigation requiring an upgrade to EDS5000 version 2.2.0.0R1.