Ubiquiti UniFi OS security updates (multiple vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
Ubiquiti released security updates for UniFi OS to close five vulnerabilities, including three maximum-severity flaws that could let remote attackers without privileges alter systems or reach files and commands.
Related Happenings
Ubiquiti UniFi Connect, Talk, Access, Protect, and OS security patch release (multiple vulnerabilities)
Security Patch Release
H score45
First: 08.07.2026 17:38
Last: 08.07.2026 17:38
Sources 1
About this happening:
**Ubiquiti** shipped **updates** for **UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS**, closing **multiple critical vulnerabilities** that could enable **pr...
Ubiquiti UniFi Connect, Talk, Access, Protect, and OS security patch release (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Ubiquiti** shipped **updates** for **UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS**, closing **multiple critical vulnerabilities** that could enable **pr...
Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910
Security Patch Release
H score53
First: 24.06.2026 20:19
Last: 24.06.2026 20:19
Sources 1
About this happening:
Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...
Ubiquiti UniFi OS security patch release for CVE-2026-34908/34909/34910
Security Patch ReleaseAbout this happening: Ubiquiti released **UniFi OS** patches for **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, closing three maximum-severity defects tied to **in-the-wild exploitatio...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
H score79
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation WaveAbout this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
H score39
First: 29.12.2025 09:49
Last: 29.12.2025 09:49
Sources 1
About this happening:
**CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation WaveAbout this happening: **CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
F5 BIG-IP and related products October 2025 security updates (44 vulnerabilities)
Security Patch Release
H score63
First: 15.10.2025 21:01
Last: 15.10.2025 21:01
Sources 1
About this happening:
**F5** released **October 2025 security updates** for **BIG-IP** and related products, patching **44 vulnerabilities** and urging customers to update immediately. The bundle inclu...
F5 BIG-IP and related products October 2025 security updates (44 vulnerabilities)
Security Patch ReleaseAbout this happening: **F5** released **October 2025 security updates** for **BIG-IP** and related products, patching **44 vulnerabilities** and urging customers to update immediately. The bundle inclu...
Timeline
-
24.06.2026 15:32 2 articles · 15d ago
CISA warns of in-the-wild exploitation of Ubiquiti UniFi OS flaws
Exploitation ObservedCISA warned that threat actors were targeting CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 in Ubiquiti UniFi OS devices after the flaws were patched in UniFi OS Server 5.0.8, and multiple users reported that the bugs were exploited in the wild, likely as zero-days, to create rogue administrator accounts named John Sim.
Show sources
- Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs — www.securityweek.com — 24.06.2026 15:32
- CISA warns of max severity Ubiquiti flaws exploited in attacks — www.bleepingcomputer.com — 24.06.2026 17:35
-
08.06.2026 18:51 1 articles · 1mo ago
Bishop Fox validates unauthenticated root RCE chain in UniFi OS Server
Technical Analysis UpdateBishop Fox researchers validated a chain of CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 against Ubiquiti UniFi OS Server 5.0.6, showing that CVE-2026-34908 and CVE-2026-34909 can bypass authentication and reach a vulnerable endpoint where CVE-2026-34910 enables command injection, with the affected service account’s sudo privileges making root shell access trivial and no credentials or user interaction required. The researchers also released a free detection script, advised hunting for requests to /api/auth/validate-sso/ and ucs/update/latest_package plus suspicious ucs-update child processes and unexpected sudo commands, and said the chain does not work on UniFi OS Server 5.0.8 or later.
Show sources
- Critical UniFi OS bug lets hackers gain root without authentication — www.bleepingcomputer.com — 08.06.2026 18:51
-
22.05.2026 15:00 2 articles · 1mo ago
Ubiquiti releases UniFi OS security updates
Initial DisclosureUbiquiti released security updates for UniFi OS on 2026-05-22 to address five vulnerabilities, including CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-33000, and CVE-2026-34911. The flaws could let remote attackers without privileges make unauthorized changes, access files through path traversal, or launch command injection after network access, and Ubiquiti said the issues were reported through its HackerOne bug bounty program and had not been disclosed as exploited in the wild. Censys was tracking nearly 100,000 Internet-exposed UniFi OS endpoints, including nearly 50,000 IP addresses in the United States.
Show sources
- Ubiquiti patches three max severity UniFi OS vulnerabilities — www.bleepingcomputer.com — 22.05.2026 15:00
- Ubiquiti patches three max severity UniFi OS vulnerabilities — www.bleepingcomputer.com — 22.05.2026 15:00