Ubiquiti

CVE-2026-34908: Ubiquiti UniFi OS Access Control Flaw

🔴 Critical | Source: CISA Known Exploited Vulnerabilities A vulnerability in Ubiquiti’s UniFi OS allows anyone with network access to make unauthorised changes to affected devices without proper authentication or authorisation checks. This is actively being exploited in the wild, as confirmed by CISA’s inclusion in their Known Exploited Vulnerabilities catalogue. UniFi OS underpins a wide range of Ubiquiti networking hardware commonly deployed in enterprise and hybrid cloud environments, making the blast radius potentially significant. ...

23 June 2026 Â· ZX Cloud Security

CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Flaw

🔴 Critical | Source: CISA Known Exploited Vulnerabilities A path traversal vulnerability in Ubiquiti UniFi OS allows an attacker with network access to read files on the underlying system, potentially enabling them to compromise accounts. The flaw is listed on CISA’s Known Exploited Vulnerabilities catalogue, meaning it is actively being exploited in the wild. Organisations running UniFi network infrastructure should treat this as an urgent remediation priority. Security Architect’s Take: Audit your environment for any internet- or management-network-exposed UniFi OS devices and apply vendor patches immediately, with a hard deadline of 26 June 2026 per CISA guidance. As an interim control, restrict access to UniFi management interfaces to trusted, segmented management networks and enforce MFA on any administrative accounts. ...

23 June 2026 Â· ZX Cloud Security

CVE-2026-34910: Ubiquiti UniFi OS Command Injection

🔴 Critical | Source: CISA Known Exploited Vulnerabilities A command injection vulnerability in Ubiquiti UniFi OS allows an attacker with network access to execute arbitrary commands on affected devices. The flaw stems from improper input validation and has been confirmed as actively exploited, prompting CISA to add it to its Known Exploited Vulnerabilities catalogue. UniFi OS underpins a wide range of Ubiquiti networking hardware commonly deployed in enterprise and hybrid environments. ...

23 June 2026 Â· ZX Cloud Security

📬 Stay Informed

Get daily cloud security advisories delivered to your inbox.

Free. No spam. Unsubscribe anytime. Learn more