Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs

Threat actors are actively exploiting three critical Ubiquiti UniFi OS vulnerabilities, prompting CISA to add CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to its Known Exploited Vulnerabilities catalog. Bishop Fox confirmed the flaws can be chained to bypass authentication and achieve command injection, potentially enabling rogue admin creation and lateral movement in enterprise networks. #Ubiquiti #UniFiOS #CVE-2026-34908 #CVE-2026-34909 #CVE-2026-34910 #BishopFox #CISA

Key points

  • CISA warned that three critical Ubiquiti flaws are being exploited in the wild.
  • The vulnerabilities are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910.
  • Ubiquiti patched the issues in UniFi OS Server 5.0.8 last month.
  • Bishop Fox showed the bugs can bypass authentication and lead to command injection.
  • CISA added the flaws to its KEV catalog and ordered rapid patching by federal agencies.

Read More: https://www.securityweek.com/critical-ubiquiti-vulnerabilities-in-attackers-crosshairs/