Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
Multiple critical vulnerabilities were discovered in Ubiquiti UniFi OS devices allowing remote, unauthenticated attackers to bypass authentication, access system files, create rogue administrator accounts, and execute arbitrary commands. These flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, have a CVSS score of 10.0 and were patched in UniFi OS Server version 5.0.8. The vulnerabilities include an authentication gateway bypass, path traversal, and command injection. Exploitation could enable attackers to make unauthorized system changes and move laterally within enterprise networks. The US CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog and urges rapid patching. Reports indicate these bugs were exploited in the wild prior to patch availability.
AI Analysis
Technical Summary
Three critical vulnerabilities in Ubiquiti UniFi OS devices (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) allow remote unauthenticated attackers to bypass authentication via crafted requests exploiting how NGINX processes them, perform path traversal to access and manipulate OS files, and conduct command injection through improper input validation of package names during updates. These combined flaws enable attackers to create rogue administrator accounts and execute arbitrary commands remotely. A variant requiring authentication (CVE-2026-33000) also exists. Ubiquiti patched these issues in UniFi OS Server version 5.0.8 released on May 21, 2026. CISA added these vulnerabilities to its KEV catalog, mandating patching within three days for federal agencies. Analysis by BishopFox confirmed the authentication bypass and command injection on version 5.0.6. The vulnerabilities pose significant risk as UniFi OS devices centrally manage network infrastructure, facilitating potential lateral movement in enterprise environments.
Potential Impact
Successful exploitation allows remote unauthenticated attackers to bypass authentication controls, make unauthorized system changes, access and manipulate underlying operating system files, create rogue administrator accounts, and execute arbitrary commands on UniFi OS devices. This compromises device integrity and confidentiality, potentially enabling attackers to move laterally within enterprise networks managed by these devices. The vulnerabilities have a maximum CVSS score of 10.0, indicating critical severity. Exploitation has been reported in the wild prior to patch availability, increasing risk to affected organizations.
Mitigation Recommendations
Ubiquiti released patches addressing these vulnerabilities in UniFi OS Server version 5.0.8 on May 21, 2026. Organizations should promptly update to this version or later to remediate the issues. The US CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog and recommends patching within three days. No alternative mitigations or workarounds are indicated. Patch status is confirmed as official fix available in version 5.0.8.
Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
Description
Multiple critical vulnerabilities were discovered in Ubiquiti UniFi OS devices allowing remote, unauthenticated attackers to bypass authentication, access system files, create rogue administrator accounts, and execute arbitrary commands. These flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, have a CVSS score of 10.0 and were patched in UniFi OS Server version 5.0.8. The vulnerabilities include an authentication gateway bypass, path traversal, and command injection. Exploitation could enable attackers to make unauthorized system changes and move laterally within enterprise networks. The US CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog and urges rapid patching. Reports indicate these bugs were exploited in the wild prior to patch availability.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Three critical vulnerabilities in Ubiquiti UniFi OS devices (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) allow remote unauthenticated attackers to bypass authentication via crafted requests exploiting how NGINX processes them, perform path traversal to access and manipulate OS files, and conduct command injection through improper input validation of package names during updates. These combined flaws enable attackers to create rogue administrator accounts and execute arbitrary commands remotely. A variant requiring authentication (CVE-2026-33000) also exists. Ubiquiti patched these issues in UniFi OS Server version 5.0.8 released on May 21, 2026. CISA added these vulnerabilities to its KEV catalog, mandating patching within three days for federal agencies. Analysis by BishopFox confirmed the authentication bypass and command injection on version 5.0.6. The vulnerabilities pose significant risk as UniFi OS devices centrally manage network infrastructure, facilitating potential lateral movement in enterprise environments.
Potential Impact
Successful exploitation allows remote unauthenticated attackers to bypass authentication controls, make unauthorized system changes, access and manipulate underlying operating system files, create rogue administrator accounts, and execute arbitrary commands on UniFi OS devices. This compromises device integrity and confidentiality, potentially enabling attackers to move laterally within enterprise networks managed by these devices. The vulnerabilities have a maximum CVSS score of 10.0, indicating critical severity. Exploitation has been reported in the wild prior to patch availability, increasing risk to affected organizations.
Mitigation Recommendations
Ubiquiti released patches addressing these vulnerabilities in UniFi OS Server version 5.0.8 on May 21, 2026. Organizations should promptly update to this version or later to remediate the issues. The US CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog and recommends patching within three days. No alternative mitigations or workarounds are indicated. Patch status is confirmed as official fix available in version 5.0.8.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/critical-ubiquiti-vulnerabilities-in-attackers-crosshairs/","fetched":true,"fetchedAt":"2026-06-24T12:39:14.011Z","wordCount":1161}
Threat ID: 6a3bcff2eed863c81ed38b53
Added to database: 06/24/2026, 12:39:14 UTC
Last enriched: 06/24/2026, 12:39:50 UTC
Last updated: 06/24/2026, 14:44:26 UTC
Views: 102
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.