CISA has added CVE‑2026-34908 to its Known Exploited Vulnerabilities catalogue, flagging a critical flaw in Ubiquiti’s UniFi OS that is already being exploited in the wild.
The vulnerability carries a CVSS v3.1 base score of 10.0 and stems from an improper access control check in the UniFi OS management interface.
An attacker who gains a foothold on the local network can send specially crafted requests to bypass authentication and obtain full administrative control over the device.
UniFi OS serves as the central controller for Ubiquiti’s wireless switches, access points and security gateways, so a compromise can give an adversary the ability to alter network configurations, push malicious firmware or disable security controls.
No authentication is required beyond network access, and the flaw can be triggered remotely once the attacker is inside the trusted segment.
CISA’s decision to list the bug follows confirmed active exploitation, although no specific threat actor or ransomware campaign has been publicly tied to the CVE to date.
The addition highlights the urgency for organisations that deploy UniFi OS to treat the issue as an immediate priority.
Defenders should immediately restrict management access to UniFi OS devices to known administration VLANs and enforce strict network segmentation between user and control planes.
Monitoring logs for unexpected privilege changes or configuration pushes can help detect abuse, and any anomalous admin activity should be investigated as a potential compromise.
Until Ubiquiti releases a patch, consider disabling remote management features or placing the controller behind a VPN with multi‑factor authentication.
Administrators are advised to subscribe to Ubiquiti security advisories and apply any forthcoming update as soon as it becomes available.
Maintaining an accurate inventory of all UniFi OS instances and reporting suspected intrusion attempts to CISA can aid broader defence efforts.