🔴 Critical | Source: CISA Known Exploited Vulnerabilities
A vulnerability in Ubiquiti’s UniFi OS allows anyone with network access to make unauthorised changes to affected devices without proper authentication or authorisation checks. This is actively being exploited in the wild, as confirmed by CISA’s inclusion in their Known Exploited Vulnerabilities catalogue. UniFi OS underpins a wide range of Ubiquiti networking hardware commonly deployed in enterprise and hybrid cloud environments, making the blast radius potentially significant.
Security Architect’s Take: Immediately audit your environment for internet- or network-exposed Ubiquiti UniFi devices and apply vendor patches before the 26 June 2026 CISA remediation deadline. Where patching cannot be done immediately, enforce strict network segmentation to isolate UniFi management interfaces from untrusted network segments and restrict access via firewall rules or a dedicated management VLAN.
Original advisory: CVE-2026-34908: Ubiquiti UniFi OS