🔴 Critical  |  Source: CISA Known Exploited Vulnerabilities


A path traversal vulnerability in Ubiquiti UniFi OS allows an attacker with network access to read files on the underlying system, potentially enabling them to compromise accounts. The flaw is listed on CISA’s Known Exploited Vulnerabilities catalogue, meaning it is actively being exploited in the wild. Organisations running UniFi network infrastructure should treat this as an urgent remediation priority.

Security Architect’s Take: Audit your environment for any UniFi OS devices exposed to the internet or to the management network, and apply vendor patches immediately, with a hard deadline of 26 June 2026 per CISA guidance. As an interim control, restrict access to UniFi management interfaces to trusted, segmented management networks and enforce MFA on all administrative accounts.

Original advisory: CVE-2026-34909: Ubiquiti UniFi OS