Ubiquiti issues patches for three high-severity UniFi OS flaws exploitable remotely
Ubiquiti released patches for three max-severity UniFi OS vulnerabilities (CVE-2026-34908/34909/34910) that allow remote attackers to change targeted systems, access underlying files, or inject commands, plus earlier patches for CVE-2026-33000 and CVE-2026-34911. The flaws can be exploited with low complexity on UniFi OS devices. Threat intel tracks nearly 100,000 internet-exposed UniFi OS endpoints (many in the U.S.); there’s no public confirmation of exploitation yet. The fixes were disclosed via HackerOne.