Overview
- CISA added three UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) and one Lantronix EDS5000 flaw (CVE-2025-67038) to its Known Exploited Vulnerabilities catalog and ordered federal agencies to remediate them quickly.
- The UniFi bugs include an access-control bypass, a path traversal flaw, and an input-validation defect that together can expose files, bypass authentication, and enable command injection on the host system.
- Security researchers at Bishop Fox showed that the UniFi flaws can be chained to achieve unauthenticated remote code execution, and multiple users reported in-the-wild incidents such as automated creation of rogue admin accounts named 'John Sim'.
- Vendors have released fixes—Ubiquiti’s UniFi OS Server 5.0.8 and Lantronix firmware 2.2.0.0R1—and researchers have published detection scripts, but CISA has not disclosed technical details of observed exploitation and links to ransomware remain unknown.
- The order underscores the immediate operational risk to federal and private networks: UniFi manages many centrally controlled devices and Lantronix units sit in OT and device-management paths, so rapid patching or mitigation is essential to prevent lateral network takeover.
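A triage pass over an asset inventory, as an added example that is not from CISA, the vendors or the researchers named above: it flags hosts below the fixed releases listed in the overview and any admin account matching the reported rogue name. The inventory layout, product labels and sample hosts are assumptions, as is treating every release numbered below the fixed one as unpatched.

```python
import re

# Fixed releases and the rogue account name are taken from the overview above.
FIXED = {"unifi-os-server": "5.0.8", "lantronix-eds5000": "2.2.0.0R1"}
ROGUE_ADMIN = "john sim"

def version_key(text):
    """Turn '5.0.8' or '2.2.0.0R1' into a sortable (numbers, revision) pair."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:R(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognized version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:   # 5.0.8.0 sorts equal to 5.0.8
        nums.pop()
    return tuple(nums), int(m.group(2) or 0)

def triage(assets):
    """Return (asset name, reason) pairs that need follow-up."""
    findings = []
    for a in assets:
        fixed = FIXED.get(a["product"])
        if fixed is None:
            continue
        try:
            if version_key(a["version"]) < version_key(fixed):
                findings.append((a["name"], f"below fixed release {fixed}"))
        except ValueError:
            findings.append((a["name"], "version unreadable, check by hand"))
        # A patched host can still carry an account created before the update.
        for admin in a.get("admins", []):
            if " ".join(admin.lower().split()) == ROGUE_ADMIN:
                findings.append((a["name"], f"review admin account {admin!r}"))
    return findings

# Constructed sample inventory; names, fields and versions are illustrative.
SAMPLE = [
    {"name": "hq-unifi", "product": "unifi-os-server", "version": "4.3.6", "admins": ["netops"]},
    {"name": "lab-unifi", "product": "unifi-os-server", "version": "5.0.8", "admins": ["netops", "John  Sim"]},
    {"name": "plant-eds", "product": "lantronix-eds5000", "version": "2.1.0.0R3"},
    {"name": "dock-eds", "product": "lantronix-eds5000", "version": "2.2.0.0R1"},
    {"name": "old-eds", "product": "lantronix-eds5000", "version": "unknown"},
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE):
        print(f"{name}: {reason}")
```

A host at the fixed release is still reported when it carries the rogue account name, because updating does not remove accounts created earlier.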