Ubiquiti UniFi OS security updates (multiple vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
Ubiquiti released security updates for UniFi OS to close five vulnerabilities, including three maximum-severity flaws that could let remote attackers without privileges alter systems or reach files and commands.
Related Happenings
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation Wave
First: 29.12.2025 09:49
Last: 29.12.2025 09:49
Sources 1
About this happening:
**CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
MongoDB CVE-2025-14847 active exploitation worldwide
Exploitation WaveAbout this happening: **CVE-2025-14847** is being **actively exploited** against **MongoDB** deployments, putting a global pool of **87,000+** potentially susceptible instances at risk. The wave matter...
Timeline
-
22.05.2026 15:00 2 articles · 5d ago
Ubiquiti releases UniFi OS security updates
Initial DisclosureUbiquiti released security updates for UniFi OS on 2026-05-22 to address five vulnerabilities, including CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-33000, and CVE-2026-34911. The flaws could let remote attackers without privileges make unauthorized changes, access files through path traversal, or launch command injection after network access, and Ubiquiti said the issues were reported through its HackerOne bug bounty program and had not been disclosed as exploited in the wild. Censys was tracking nearly 100,000 Internet-exposed UniFi OS endpoints, including nearly 50,000 IP addresses in the United States.
Show sources
- Ubiquiti patches three max severity UniFi OS vulnerabilities — www.bleepingcomputer.com — 22.05.2026 15:00
- Ubiquiti patches three max severity UniFi OS vulnerabilities — www.bleepingcomputer.com — 22.05.2026 15:00