securityaffairs.com 6/24/2026, 10:32:19 AM · external

CISA flags Ubiquiti, Lantronix flaws; urges US patch by June 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities affecting Ubiquiti UniFi OS and Lantronix EDS5000 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities include:

1. CVE-2025-67038: A code injection flaw in Lantronix EDS5000, which lacks proper username sanitization, allowing arbitrary command execution.

2. CVE-2026-34908: An improper access control vulnerability in Ubiquiti UniFi OS with a critical CVSS score of 10.0, enabling unauthorized system modifications.

3. CVE-2026-34909: A path traversal vulnerability in UniFi OS, though details are limited.

4. CVE-2026-34910: Another critical flaw (CVSS 10.0) in UniFi OS leading to potential command injection.

Federal agencies must remediate these vulnerabilities by June 26, 2026, to safeguard against potential exploits.

Article by CyberSIXT