Chained UniFi OS Server flaws CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 can give attackers root access without logging in

Researchers say attackers can take over vulnerable UniFi OS Server systems without a password and gain full root control. Bishop Fox showed that three now-patched bugs affecting UniFi OS Server 5.0.6 and earlier (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) can be chained over the network to bypass authentication, read files, and trigger command injection, leading to remote code execution and trivial privilege escalation via passwordless sudo.

Why it matters: UniFi OS Server can manage core business systems such as networking, cameras, and door access, so compromise can hand attackers broad control of an organization’s environment. Organizations using affected versions should patch immediately and check for suspicious requests to the noted endpoints, because the attack leaves little or no login evidence.

Sources

Critical UniFi OS bug lets hackers gain root without authentication
Bill Toulas 2026.06.08
This article establishes a distinct story by surfacing a newly detailed exploit chain and defender guidance for three UniFi OS Server CVEs that together enable unauthenticated root-level remote code execution.