The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of active exploitation of four critical vulnerabilities affecting Ubiquiti UniFi OS and Lantronix EDS5000 devices. The Ubiquiti vulnerabilities are CVE-2026-34908 (access control bypass), CVE-2026-34909 (directory/path traversal), and CVE-2026-34910 (improper input validation enabling remote code execution). These flaws can be chained to achieve full system compromise remotely without authentication. Ubiquiti released security updates in May 2026 addressing these issues. The Lantronix vulnerability CVE-2025-67038 is a root-level command injection in the HTTP RPC module of EDS5000 firmware 2.1.0.0R3, patched in version 2.2.0.0R1. CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog and mandated rapid patching for federal agencies. No detailed exploitation data or ransomware campaign links have been disclosed.

Successful exploitation of the Ubiquiti vulnerabilities can lead to unauthorized changes to UniFi OS systems, exposure of sensitive files including credentials, and full remote code execution with elevated privileges, resulting in complete system takeover. The Lantronix vulnerability allows root-level command injection via unsanitized input in the HTTP RPC module, enabling full system compromise. These vulnerabilities pose a significant risk of unauthorized access, data exposure, and control over affected devices.

Security updates addressing all identified vulnerabilities have been released by Ubiquiti (May 2026) and Lantronix (firmware version 2.2.0.0R1). System administrators should apply these patches immediately. Federal agencies are required by CISA's BOD 26-04 directive to apply available updates or vendor-recommended mitigations within three days. Additionally, Bishop Fox has provided a free detection script to identify vulnerable UniFi OS instances. No vendor advisory states that no action is required; therefore, prompt patching is the primary mitigation.