03 Jul, 2026

CISA warns of max severity Ubiquiti flaws exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. According to the BOD 26-04 directive, federal agencies have three days to apply available security updates or vendor-recommended mitigations. The Ubiquiti flaws that CISA added to its catalog of Known Exploited Vulnerabilities are: Ubiquiti released security updates for the […]

2 mins read

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in May and impact UniFi OS Server versions 5.0.6 and earlier. While all three flaws received the maximum severity […]

4 mins read