CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 24, 2026

CISA Warns of Ubiquiti UniFi OS Vulnerability Actively Exploited in Attacks

Cybersecurity News Archived Jun 24, 2026 ✓ Full text saved

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple Ubiquiti UniFi OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that at least one of the flaws is now being actively exploited in the wild. Federal civilian agencies and other UniFi deployments are urged to prioritize patching by June 26, 2026, in […] The post CISA Warns of Ubiquiti UniFi OS Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News .

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security CISA Warns of Ubiquiti UniFi OS Vulnerability Actively Exploited in Attacks By Guru Baran June 24, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added multiple Ubiquiti UniFi OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that at least one of the flaws is now being actively exploited in the wild. Federal civilian agencies and other UniFi deployments are urged to prioritize patching by June 26, 2026, in line with CISA’s Binding Operational Directive (BOD) 26-04. According to the advisory, the most critical issue, tracked as CVE-2026-34908, stems from improper access control in Ubiquiti UniFi OS. An attacker with network access can make unauthorized changes to the system, potentially altering configurations, disabling security controls, or manipulating network behavior within affected environments. CISA notes that stakeholders must assess each asset’s internet exposure and ensure updates are prioritized based on risk, especially where UniFi management interfaces are reachable from untrusted networks. CISA also flagged two additional UniFi OS flaws that could be chained with the access control issue for deeper compromise. CVE-2026-34909 is a path traversal vulnerability that allows an authenticated or local attacker with network access to read or manipulate files on the underlying system, which could then be abused to gain access to an underlying account. CVE-2026-34910, an improper input validation bug, enables command injection, giving an attacker the ability to execute arbitrary commands on the device once a foothold is established. While there is currently no confirmed evidence that these specific UniFi OS flaws are being used in ransomware campaigns, CISA has classified the exploitation status as “unknown” and warns that the access gained through these issues aligns with common ransomware operator tradecraft. Once a UniFi controller or gateway is compromised, threat actors could pivot into internal networks, harvest credentials, or tamper with traffic flows to support data theft, lateral movement, or disruptive attacks. CISA directs organizations to apply mitigations in accordance with Ubiquiti’s vendor guidance and to align actions with BOD 26-04’s risk-based patching requirements and CISA’s Forensics Triage Requirements. For cloud-hosted UniFi deployments, agencies must follow the portions of BOD 26-04 that specifically address cloud services or discontinue use of the product if mitigations or patches are not available in time. Operators are reminded that they are responsible for evaluating exposure, ensuring accelerated patching of internet-facing systems, and maintaining logs to support rapid forensic triage in the event of suspected exploitation. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news vulnerability Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks Hackers Using FortigateSniffer Tool That Turns Compromised Firewalls Into Password Collectors Hackers Can Leverage SQL Server 2025 AI Features to Exfiltrate Sensitive Data Multiple Vulnerabilities in Firefox 152 Enables Remote Code Execution Attacks Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch Latest News Cyber Security News In-Browser Data Inspection Lets Analysts Track Phishing Attack Flow Inside Browser Sessions Press Release Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity  Tech News Anthropic Launches Claude Tag – AI Teammate Now Lives Inside Slack ANY.RUN Your SOC Has Too Many IOCs: How to Cut Feed Noise, Prioritize What Matters, and Improve Response  Cyber Security Bajaj Auto Hit by a Ransomware Attack – Internal Systems Affected
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 24, 2026
    Archived
    Jun 24, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗