The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-Ethernet servers.
According to the BOD 26-04 directive, federal agencies have three days to apply available security updates or vendor-recommended mitigations.
The Ubiquiti flaws that CISA added to its catalog of Known Exploited Vulnerabilities are:
CVE-2026-34908: an access control bypass flaw that allows an unauthenticated attacker to make unauthorized changes to a UniFi OS system, potentially leading to full system compromise.
CVE-2026-34909: a directory/path traversal vulnerability that allows an attacker to access sensitive files on the underlying operating system, potentially exposing configuration files, credentials, and other sensitive data that could facilitate account takeover.
CVE-2026-34910: an improper input validation flaw that enables an attacker to inject and execute arbitrary operating system commands, potentially leading to remote code execution and complete system takeover.
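The two bug classes named above, path traversal and OS command injection, are easier to recognise in code than in prose. The following is an added, generic illustration written for this page; it is not Ubiquiti's code and says nothing about how the UniFi OS flaws are actually triggered. The served root, the sample inputs and the hostname allowlist are all constructed for the demonstration.

```python
import os
import re
from pathlib import Path

# Constructed inputs for the demonstration (not taken from the advisories).
WEB_ROOT = "/srv/www"
TRAVERSAL_INPUT = "../../etc/passwd"
INJECTION_INPUT = "127.0.0.1; cat /etc/shadow"


def resolve_unsafe(root: str, user_path: str) -> str:
    """Vulnerable pattern: join the user-supplied path onto the served root
    with no check that the result stays inside it. os.path.join also
    discards root entirely when user_path is absolute."""
    return os.path.join(root, user_path)


def resolve_safe(root: str, user_path: str):
    """Hardened pattern: canonicalise, then require the candidate to remain
    under root. Returns the resolved Path, or None when it escapes."""
    root_p = Path(root).resolve()
    candidate = (root_p / user_path).resolve()
    try:
        candidate.relative_to(root_p)
    except ValueError:
        return None
    return candidate


def ping_cmd_unsafe(host: str) -> list:
    """Vulnerable pattern: user input is interpolated into a shell command
    line, so shell metacharacters (;, |, $(...)) become extra commands."""
    return ["/bin/sh", "-c", f"ping -c 1 {host}"]


# Hypothetical allowlist for the demonstration: hostname characters only.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def ping_cmd_safe(host: str):
    """Hardened pattern: allowlist-validate the value and pass it as a single
    argv element with no shell. Returns None when the input is rejected."""
    if not HOST_RE.fullmatch(host):
        return None
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    print("unsafe path :", resolve_unsafe(WEB_ROOT, TRAVERSAL_INPUT))
    print("safe path   :", resolve_safe(WEB_ROOT, TRAVERSAL_INPUT))
    print("unsafe argv :", ping_cmd_unsafe(INJECTION_INPUT))
    print("safe argv   :", ping_cmd_safe(INJECTION_INPUT))
```

The traversal check relies on canonicalising before comparing, so `..` segments, absolute paths and symlinks are all resolved first; the injection fix avoids the shell altogether rather than trying to escape metacharacters.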
Ubiquiti released security updates for the three vulnerabilities in May, warning that they could be exploited remotely without privileges.
Researchers at Bishop Fox later demonstrated that the three flaws could be chained to achieve full remote code execution with elevated privileges on vulnerable UniFi OS devices.
Bishop Fox has also released a free detection script on GitHub to help defenders discover vulnerable instances in their environment.
The security issue exploited in Lantronix servers is tracked as CVE-2025-67038, and is a critical-severity root-level command injection affecting model EDS5000 running firmware 2.1.0.0R3.