CISA Warns of Actively Exploited Ubiquiti Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are actively exploiting security flaws in Ubiquiti UniFi OS devices, posing a significant threat to system security. Federal agencies have just three days to apply crucial updates or recommended fixes to avoid potential breaches.

https://osintsights.com/cisa-warns-of-actively-exploited-ubiquiti-flaws?utm_source=mastodon&utm_medium=social

#Ubiquiti #Cisa #KnownExploitedVulnerabilities #Cve202634908 #Cve202634909

🚨 [CISA-2026:0623] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2025-67038 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-67038)
- Name: Lantronix EDS5000 Code Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Lantronix
- Product: EDS5000
- Notes: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2025-67038

⚠️ CVE-2026-34908 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34908)
- Name: Ubiquiti UniFi OS Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34908

⚠️ CVE-2026-34909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34909)
- Name: Ubiquiti UniFi OS Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34909

⚠️ CVE-2026-34910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34910)
- Name: Ubiquiti UniFi OS Improper Input Validation Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ubiquiti
- Product: UniFi OS
- Notes: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-34910

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260623 #cisa20260623 #cve_2025_67038 #cve_2026_34908 #cve_2026_34909 #cve_2026_34910 #cve202567038 #cve202634908 #cve202634909 #cve202634910

UniFi OS Bug Lets Hackers Gain Root Without Authentication

A critical bug in UniFi OS can be exploited by hackers to gain root access without any login credentials, user interaction, or prior access, putting your system at risk. Three vulnerabilities, now patched, can be chained together to allow remote code execution with root privileges.

https://osintsights.com/unifi-os-bug-lets-hackers-gain-root-without-authentication?utm_source=mastodon&utm_medium=social

#UnifiOs #Cve202634908 #Cve202634909 #Cve202634910 #RootShell

Ubiquiti Fixes Maximum-Severity UniFi OS Flaws

Ubiquiti has patched three critical vulnerabilities in UniFi OS that left nearly 100,000 Internet-exposed endpoints, including 50,000 in the US, open to remote attacks without requiring login credentials. The fixes address severe flaws that could allow unauthorized system changes, file access, and even command injection.

https://osintsights.com/ubiquiti-fixes-maximum-severity-unifi-os-flaws?utm_source=mastodon&utm_medium=social

#Ubiquiti #UnifiOs #Cve202634908 #Cve202634909 #Cve202634910