Critical severity10.0CISA KEVNVD Advisory· Published May 22, 2026· Updated May 22, 2026
CVE-2026-34908
CVE-2026-34908
Description
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
13- 29th June – Threat Intelligence ReportCheck Point Research · Jun 29, 2026
- Breach Roundup: How Hackers Exploited a Cisco SD-WAN FlawGovInfoSecurity · Jun 26, 2026
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively ExploitedThe Hacker News · Jun 24, 2026
- CISA warns of max severity Ubiquiti flaws exploited in attacksBleepingComputer · Jun 24, 2026
- Critical Ubiquiti Vulnerabilities in Attackers’ CrosshairsSecurityWeek · Jun 24, 2026
- CISA Warns of Ubiquiti UniFi OS Vulnerability Actively Exploited in AttacksCyber Security News · Jun 24, 2026
- Ubiquiti: 2 Actively-Exploited Flaws Added to CISA KEVVypr Intelligence · Jun 23, 2026
- ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreThe Hacker News · Jun 15, 2026
- Critical UniFi OS bug lets hackers gain root without authenticationBleepingComputer · Jun 8, 2026
- ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hacker News · Jun 8, 2026
- ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosThe Hacker News · May 25, 2026
- Ubiquiti patches three max severity UniFi OS vulnerabilitiesBleepingComputer · May 22, 2026
- CISA Adds Four Known Exploited Vulnerabilities to CatalogCISA Alerts