Active Exploitation of Ubiquiti UniFi OS Flaws Prompts Urgent CISA Directive

CISA warns that attackers are actively exploiting at least one Ubiquiti UniFi OS vulnerability and gives federal agencies until June 26 to patch.

CSBadmin

Critical Access Control Flaw Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities in Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation of at least one flaw. The most severe issue, tracked as CVE-2026-34908, involves improper access control. An attacker with network access can use this weakness to alter system configurations, disable security features, or manipulate network behavior within affected environments. CISA is requiring federal civilian agencies to apply patches by June 26, 2026, under Binding Operational Directive (BOD) 26-04, and strongly urging all organizations running UniFi deployments to assess their risk and prioritize updates.

Chained Vulnerabilities Enable Deep Compromise

CISA flagged two additional vulnerabilities that attackers could chain with the access control flaw for more extensive compromise. CVE-2026-34909 is a path traversal issue that allows authenticated or local attackers with network access to read or modify files on the underlying system, potentially leading to account takeover. CVE-2026-34910 is an improper input validation bug enabling command injection, giving attackers the ability to run arbitrary commands once a foothold is established. While there is no confirmed evidence these specific flaws are being used in ransomware campaigns, CISA warns the access they provide aligns with common ransomware operator tactics. Compromised UniFi controllers or gateways could serve as entry points for credential harvesting, network pivoting, traffic manipulation, or lateral movement within internal networks.

Source: Cyber Security News
