[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8SqbMdhEcMuyFn0YfObCICHGSbzSpHMkdbHgPTebLfk":3},{"article":4,"iocs":48},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"d7d7b07f-bca8-4f9e-8485-142eb88dc798","CISA warns of max severity Ubiquiti flaws exploited in attacks","cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks-428591","The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. [...]","CISA has added four critical vulnerabilities affecting Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers to its Known Exploited Vulnerabilities catalog. These flaws, including access control bypass, directory traversal, and command injection, are being actively exploited by hackers. Federal agencies are mandated to patch these vulnerabilities within three days.","CISA warns of active exploitation of critical Ubiquiti UniFi OS and Lantronix server vulnerabilities.","CISA warns of max severity Ubiquiti flaws exploited in attacks By Bill Toulas June 24, 2026 10:35 AM 0 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. According to the BOD 26-04 directive, federal agencies have three days to apply available security updates or vendor-recommended mitigations. The Ubiquiti flaws that CISA added to its catalog of Known Exploited Vulnerabilities are: CVE-2026-34908: an access control bypass flaw that allows an unauthenticated attacker to make unauthorized changes to a UniFi OS system, potentially leading to full system compromise. CVE-2026-34909: a directory\u002Fpath traversal vulnerability that allows an attacker to access sensitive files on the underlying operating system, potentially exposing configuration files, credentials, and other sensitive data that could facilitate account takeover. CVE-2026-34910: an improper input validation flaw that enables an attacker to inject and execute arbitrary operating system commands, potentially leading to remote code execution and complete system takeover. Ubiquiti released security updates for the three vulnerabilities in May, warning that they could be exploited remotely without privileges. Researchers at Bishop Fox later demonstrated that the three flaws could be chained to achieve full remote code execution with elevated privileges on vulnerable UniFi OS devices. Bishop Fox has also released a free detection script on GitHub to help defenders discover vulnerable instances in their environment. The security issue exploited in Lantronix servers is tracked as CVE-2025-67038, and is a critical-severity root-level command injection affecting model EDS5000 running firmware 2.1.0.0R3. The vulnerability exists in the HTTP RPC module, which executes a shell command to log failed authentication attempts. The supplied username is concatenated directly into the shell command without proper sanitization, allowing an attacker to inject arbitrary operating system commands. Lantronix released a released a patch for CVE-2025-67038 and recommends users to upgrade to EDS5000 version 2.2.0.0R1. CISA has not shared any details about the observed exploitation of any of the four flaws, while the “use in ransomware campaigns” flag was set to “Unknown” for all of them. System administrators managing the above products are recommended to apply the available updates and\u002For suggested mitigations as soon as possible. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: CISA warns of active attacks exploiting Android, Linux bugsCisco Unified CM flaw CVE-2026-20230 now exploited in attacksHackers exploit info disclosure bug in Gravity SMTP WordPress pluginCISA: Splunk Enterprise flaw actively exploited, patch by SundayCISA orders feds to patch max severity Joomla plugin flaw by Friday","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F01\u002F13\u002FCISA--headpic.jpg","2026-06-24T14:35:15+00:00","2026-06-24T16:00:24.618761+00:00",9,[18,21,24,26,28],{"name":19,"type":20},"Ubiquiti","vendor",{"name":22,"type":23},"UniFi OS","product",{"name":25,"type":20},"Lantronix",{"name":27,"type":23},"EDS5000",{"name":29,"type":23},"serial-to-ethernet servers","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":30,"icon":32,"name":33,"slug":34},null,"Vulnerabilities","vulnerabilities",[36,41,43],{"category":37},{"id":38,"icon":32,"name":39,"slug":40},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":42},{"id":30,"icon":32,"name":33,"slug":34},{"category":44},{"id":45,"icon":32,"name":46,"slug":47},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[49,53,56,59],{"type":50,"value":51,"context":52},"cve","CVE-2026-34908","Ubiquiti UniFi OS access control bypass vulnerability",{"type":50,"value":54,"context":55},"CVE-2026-34909","Ubiquiti UniFi OS directory\u002Fpath traversal vulnerability",{"type":50,"value":57,"context":58},"CVE-2026-34910","Ubiquiti UniFi OS improper input validation vulnerability",{"type":50,"value":60,"context":61},"CVE-2025-67038","Lantronix EDS5000 root-level command injection vulnerability"]