CISA has identified four actively exploited vulnerabilities affecting Ubiquiti UniFi OS and Lantronix EDS5000 devices as of June 23, 2026. The vulnerabilities are critically rated, with CVSS scores reaching 10.0. Details include: 1) CVE-2026-34908: Improper Access Control; 2) CVE-2026-34909: Path Traversal; 3) CVE-2026-34910: Improper Input Validation; and 4) CVE-2025-67038: Code Injection. Users are urged to update their systems by June 26, 2026, to mitigate risks, as intrusions could lead to unauthorized control of devices.
CISA Adds Four Exploited UniFi OS and Lantronix Flaws to KEV Catalog
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
CISA Adds Four Exploited UniFi OS and Lantronix Flaws to KEV Catalog
securityonline.info
-
CISA adds Ubiquiti UniFi OS flaw CVE-2026-34908 to KEV list
cybersixt.com
-
Critical Ubiquiti UniFi OS flaw exploited in the wild, no patch
-
Lantronix EDS5000 Command Injection Flaw Under Active Attack
-
CISA flags active exploit in Ubiquiti UniFi OS CVE-2026-34910
-
CISA adds CVE-2026-34909 to KEV as UniFi OS flaw exploited
-
CISA Flags Critical UniFi OS Flaw as Actively Exploited, No Patch
-
Lantronix EDS5000 Command Injection Flaw Under Active Attack