Ubiquiti released security updates for UniFi OS after disclosing five vulnerabilities that could let attackers tamper with devices, read files, or run commands. The issues include CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, all rated maximum severity, plus CVE-2026-33000 and CVE-2026-34911. They affect UniFi OS on UniFi Consoles that run UniFi Network, Protect, Access, Talk, and Connect; the flaws involve improper access control, path traversal, command injection, and information disclosure. Ubiquiti says the bugs can be exploited with low complexity and nearly 100,000 internet-exposed endpoints have been observed.
Why it matters: Organizations and home or small-business users running UniFi OS may be exposed to remote compromise if their management devices are reachable online. This is an update-now issue: apply Ubiquiti's patches promptly and reduce internet exposure of UniFi management interfaces where possible.
Sergiu Gatlan
2026.05.22
100% relevant
This article appears to be the first clear report of Ubiquiti's May 2026 UniFi OS patch release covering CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, CVE-2026-33000, and CVE-2026-34911, which is distinct from the previously tracked March 2026 UniFi Network Application flaws.
← Back to all stories