Bleepingcomputer
Ubiquiti Patches Critical Vulnerabilities in UniFi OS Exposing Remote Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Ubiquiti has issued security updates for five critical vulnerabilities in UniFi OS, including three maximum severity flaws (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) that allow remote attackers to execute unauthorized commands and escalate privileges. The vulnerabilities can be exploited without user privileges and were reported through Ubiquiti's HackerOne bug bounty program. Censys reports nearly 100,000 internet-exposed UniFi OS endpoints, predominantly in the U.S. Ubiquiti has not confirmed if these vulnerabilities were exploited in the wild prior to the patch release. The company has a history of being targeted by state-backed groups and cybercriminals, with previous incidents involving botnets utilizing compromised devices. Additional vulnerabilities patched include a critical command injection flaw (CVE-2026-33000) and a high-severity information disclosure issue (CVE-2026-34911).
Key Points: • Ubiquiti patched five critical vulnerabilities in UniFi OS, including three maximum severity flaws. • The vulnerabilities allow remote attackers to execute commands and escalate privileges without authentication. • Censys reports nearly 100,000 exposed UniFi OS endpoints, primarily located in the U.S.