CISA warns that threat actors are targeting three critical vulnerabilities in Ubiquiti devices, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, all rated with a CVSS score of 10/10. These flaws allow unauthorized access and command injection. Although patches were released last month, the flaws were reportedly exploited in the wild to create rogue admin accounts. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to act swiftly. A closely related vulnerability, CVE-2025-67038, also poses a severe threat, enabling command injection with root privileges.
CISA urges patching as hackers exploit critical Ubiquiti flaws
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
- CISA urges patching as hackers exploit critical Ubiquiti flaws (www.securityweek.com)
- CISA flags Ubiquiti, Lantronix flaws; urges US patch by June 2026 (cybersixt.com)
- SmartRAT ClickFix targets Brazilian banks with AI spoofed domains (cybersixt.com)
- CVE-2025-67038 exploit seen in Lantronix, Ubiquiti devices (cybersixt.com)
- Lantronix, UniFi flaws surface as Outlook Mac reply glitch seen (cybersixt.com)
- Google Search Now Saves Your Uploaded Media to Train AI (cybersixt.com)
- Flaw in AVer PTC500S cameras allows remote code execution (cybersixt.com)
- CISA Adds Four Exploited UniFi OS and Lantronix Flaws to KEV Catalog (cybersixt.com)
- CISA adds Ubiquiti UniFi OS flaw CVE-2026-34908 to KEV list (cybersixt.com)
- Critical Ubiquiti UniFi OS flaw exploited in the wild, no patch (cybersixt.com)
- Lantronix EDS5000 Command Injection Flaw Under Active Attack (cybersixt.com)
- CISA flags active exploit in Ubiquiti UniFi OS CVE-2026-34910 (cybersixt.com)
- CISA adds CVE-2026-34909 to KEV as UniFi OS flaw exploited (cybersixt.com)
- CISA Flags Critical UniFi OS Flaw as Actively Exploited, No Patch (cybersixt.com)