🔴 Critical | Source: CISA Known Exploited Vulnerabilities
A command injection vulnerability in Ubiquiti UniFi OS allows an attacker with network access to execute arbitrary commands on affected devices. The flaw stems from improper input validation and has been confirmed as actively exploited, prompting CISA to add it to its Known Exploited Vulnerabilities catalogue. UniFi OS underpins a wide range of Ubiquiti networking hardware commonly deployed in enterprise and hybrid environments.
Security Architect’s Take: Audit your estate for any Ubiquiti UniFi devices running a vulnerable version of UniFi OS and apply vendor patches immediately — the CISA remediation deadline is 26 June 2026. Where patching is not immediately possible, restrict management-plane network access to UniFi controllers via firewall rules or a dedicated management VLAN to limit exposure.
Original advisory: CVE-2026-34910: Ubiquiti UniFi OS