Ubiquiti has released fixes for five UniFi OS vulnerabilities, including three maximum-severity flaws that could let remote attackers make unauthorized changes, read files, or execute commands without privileges. The issues affect Internet-exposed UniFi OS devices and were reported through Ubiquiti’s HackerOne bug bounty program.

#UniFiOS #CVE-2026-34908 #CVE-2026-34909 #CVE-2026-34910 #CVE-2026-33000 #CVE-2026-34911

Key points
- Ubiquiti patched three maximum-severity vulnerabilities in UniFi OS.
- CVE-2026-34908 could allow unauthorized changes through improper access control.
- CVE-2026-34909 could let attackers access files through path traversal.
- CVE-2026-34910 could enable command injection after network access is gained.
- Nearly 100,000 Internet-exposed UniFi OS endpoints are being tracked by Censys.