RSS

Ubiquiti patches three max severity UniFi OS vulnerabilities

kmfrk2 pts1 comments

Ubiquiti patches three max severity UniFi OS vulnerabilities

Home<br>News<br>Security<br>Ubiquiti patches three max severity UniFi OS vulnerabilities

Ubiquiti patches three max severity UniFi OS vulnerabilities

By Sergiu Gatlan

May 22, 2026

08:00 AM

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.

UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi Protect, UniFi Access, UniFi Talk, and UniFi Connect.

The first flaw (CVE-2026-34908) enables attackers to make unauthorized changes to targeted systems by exploiting an Improper Access Control weakness in UniFi OS, while the second (CVE-2026-34909) allows them to access files on the underlying system by abusing a Path Traversal vulnerability, which could be manipulated to access an underlying account.

A third maximum severity security issue (CVE-2026-34910) makes it possible for malicious actors to launch a command injection attack after gaining network access by exploiting an Improper Input Validation vulnerability.

On Thursday, Ubiquiti also patched a second critical command injection flaw (CVE-2026-33000) and a high-severity information disclosure (CVE-2026-34911), both affecting Unifi OS devices.

Ubiquiti has yet to disclose whether any of the five vulnerabilities were exploited in the wild before disclosure, but shared that they can be exploited in low-complexity attacks and were reported through its HackerOne bug bounty program.

At the moment, threat intelligence company Censys is tracking nearly 100,000 Internet-exposed UniFi OS endpoints, most of them (nearly 50,000 IP addresses) found in the United States.

However, there is currently no information on how many have been secured against potential attacks targeting the vulnerabilities Ubiquiti patched this week.

UniFi OS endpoints exposed online (Censys)

​In March, Ubiquiti patched another maximum-severity flaw (CVE-2026-22557) in the UniFi Network Application that may allow attackers to take over user accounts, as well as a vulnerability (CVE-2026-22558) that can be exploited to escalate privileges.

Ubiquiti products have been targeted by both state-backed hacking groups and cybercriminals in recent years, in campaigns that hijacked them to build botnets that concealed the threat actors' malicious activity.

For instance, in February 2024, the FBI took down Moobot, a botnet of hacked Ubiquiti Edge OS routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic in cyberespionage attacks targeting the United States and its allies.

Four years ago, in April 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added a critical command injection flaw (CVE-2010-5330) in Ubiquiti AirOS to its catalog of actively exploited vulnerabilities and ordered federal agencies to secure their devices within three weeks.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.<br>This guide covers the 6 surfaces you actually need to validate.

Download Now

Related Articles:

Max severity Ubiquiti UniFi flaw may allow account takeover<br>Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign<br>Drupal: Critical SQL injection flaw now targeted in attacks<br>Max severity Cisco Secure Workload flaw gives Site Admin privileges<br>Hackers bypass SonicWall VPN MFA due to incomplete patching

Network

Ubiquiti

UniFi

Vulnerability

Sergiu Gatlan

Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article

Next Article

Comments

scpcguy - 3 days ago

Thanks for the reporting on this. Minor thing, but a quick find/replace to change a couple instances of "Unify" to "UniFi" are in order.

serghei - 3 days ago

Thanks, fixed!

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Upcoming Webinar

Popular Stories

Laravel Lang packages hijacked to deploy credential-stealing malware

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

Sponsor Posts

Patch management isn't enough. See why privilege is defining security risk today.

Overdue a password health-check? Audit your Active Directory for free

33% Rise in Healthcare Credential Theft in 2025: What you need to know

Protect Your Business from Ecommerce Fraud

Upcoming...

unifi ubiquiti severity flaw vulnerabilities exploited

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.