Three CVSS 10.0 Vulnerabilities in Ubiquiti UniFi OS — Zero Auth, Full Network Control

Three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS. One exploit chain. Full network control. Zero authentication required.
If you use UniFi in your office — and most DACH SMBs do — this is your highest-priority patch this week.
CISA added three Ubiquiti vulnerabilities to its Known Exploited Vulnerabilities catalog on June 23, confirming active exploitation in the wild. CVE-2026-34909 lets an unauthenticated attacker read arbitrary files including credentials and key material. CVE-2026-34908 lets an unauthenticated attacker make administrative changes to any exposed device. CVE-2026-34910 lets an unauthenticated attacker inject and execute system commands.
Chained together: read credentials, take admin control, execute anything. Zero authentication required at any step. No user interaction needed.
Censys is tracking approximately 100,000 internet-exposed UniFi OS endpoints globally. Ubiquiti is the dominant networking brand for DACH SMBs. When an attacker owns your UniFi controller, they control your VLAN segmentation, your firewall rules, your site-to-site tunnels, and your network DNS.
Patches have been available since May 22. What to do: update to UniFi OS Server 5.0.8 or later and firmware 5.1.12 or later immediately. Restrict UniFi OS management access to internal networks (or a VPN) only, and verify from outside your network that your firewall rules do not expose the management port. Because CVE-2026-34909 discloses stored credentials and key material and exploitation is confirmed, treat any controller that was reachable from the internet before it was patched as potentially compromised: rotate its admin credentials and any keys it held, and review it for unexpected admin accounts, firewall rule changes or new tunnels.
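The two checks above, version triage and external reachability of the management port, as an added example script (written for this page, not Ubiquiti's or Censys's code). The fixed versions come from the post; everything else is an assumption for illustration: the management ports probed (443 for UniFi OS consoles, 8443 for the classic self-hosted Network application), the inventory entries and the version-string format. Run it from a host outside your network so that a successful connect really means internet exposure.

```python
"""
Added example, not code from the original post or from Ubiquiti: triage an
inventory of UniFi OS consoles against the fixed versions named in the post
(UniFi OS Server 5.0.8+, firmware 5.1.12+) and probe whether their management
port accepts a TCP connection from wherever this script runs.
Assumptions: the management ports, the inventory and the version format.
"""
import socket
from typing import Dict, Iterable, List, Tuple

# Minimum fixed versions from the post, keyed by an assumed product-line label.
FIXED_VERSIONS = {
    "unifi-os-server": (5, 0, 8),
    "firmware": (5, 1, 12),
}

# Assumed management ports: 443 for UniFi OS consoles, 8443 for the classic
# self-hosted Network application.
MGMT_PORTS = (443, 8443)

# Constructed inventory (TEST-NET addresses): name, address, product line, reported version.
INVENTORY = [
    ("hq-udm-pro", "203.0.113.10", "firmware", "5.1.9"),
    ("branch-ucg", "203.0.113.11", "firmware", "5.1.12"),
    ("self-hosted-uos", "203.0.113.12", "unifi-os-server", "5.0.10"),
    ("lab-uos", "203.0.113.13", "unifi-os-server", "4.3.6-rc1"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.1.12' or '4.3.6-rc1' into an integer tuple for comparison.
    Plain string comparison gets '5.0.10' < '5.0.8' wrong; integer tuples do not."""
    core = version.strip().split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def needs_patch(product: str, version: str) -> bool:
    """True if the reported version is below the fixed version for that product line."""
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product line: {product}")
    return parse_version(version) < FIXED_VERSIONS[product]


def probe_ports(host: str, ports: Iterable[int] = MGMT_PORTS,
                timeout: float = 2.0) -> Dict[int, bool]:
    """TCP-connect probe: True means the port accepted a connection from here.
    From an external vantage point that means the management interface is
    internet-exposed and must be firewalled, whatever version it runs."""
    result: Dict[int, bool] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                result[port] = True
        except OSError:  # refused, timed out, unreachable
            result[port] = False
    return result


def triage(inventory, probe: bool = True) -> List[dict]:
    """Combine the offline version check with the optional network probe."""
    findings = []
    for name, host, product, version in inventory:
        entry = {"name": name, "host": host, "version": version,
                 "unpatched": needs_patch(product, version)}
        if probe:
            entry["exposed_ports"] = [p for p, is_open in probe_ports(host).items() if is_open]
        findings.append(entry)
    return findings


if __name__ == "__main__":
    # probe=False gives an offline, version-only triage; probe=True also hits the network.
    for f in triage(INVENTORY, probe=False):
        status = "PATCH NOW" if f["unpatched"] else "at fixed version"
        print(f"{f['name']:<18} {f['host']:<15} {f['version']:<10} {status}")
```

A console that is both unpatched and reachable on a management port from outside is the one to pull off the internet first; a console that is patched but still reachable should still lose its external exposure, since the post's own advice is that management access belongs on internal networks only.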

