ADVISORY SUMMARY
On June 23, 2026, CISA added three actively exploited Ubiquiti UniFi OS vulnerabilities to the KEV catalog: CVE-2026-34908 (Improper Access Control — allows unauthorized system changes), CVE-2026-34909 (Path Traversal — allows access to underlying system files and account manipulation), and CVE-2026-34910 (Improper Input Validation / Command Injection). Ubiquiti UniFi devices are extremely widespread in SMB, MSSP, and enterprise environments, making this cluster high-impact for network perimeter security.
AFFECTED SYSTEMS
MITIGATION GUIDANCE
1. Apply mitigations per Ubiquiti vendor instructions immediately (Security Advisory Bulletin 064: https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b). 2. Restrict management interface access to trusted internal networks. 3. Disable remote management from internet-facing interfaces where not required. 4. Audit all admin accounts on UniFi OS devices for unknown entries. 5. Comply with CISA BOD 26-04 patching guidelines for federal deployments.
DETECTION SIGNATURES
1. Monitor UniFi OS authentication logs for logins from unexpected IPs or geographies. 2. Alert on unauthorized configuration changes (access control modifications, new user creation). 3. Detect path traversal patterns in HTTP requests to the UniFi management interface (e.g., sequences of '../'). 4. Monitor for unexpected command execution or system file access on UniFi OS hosts. 5. Review network traffic from UniFi controllers for unexpected outbound connections.
REFERENCES
- → https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog
- → https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b
- → https://nvd.nist.gov/vuln/detail/CVE-2026-34908
- → https://nvd.nist.gov/vuln/detail/CVE-2026-34909
- → https://nvd.nist.gov/vuln/detail/CVE-2026-34910