{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/unifi-os/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":10,"id":"CVE-2026-34908"},{"cvss":10,"id":"CVE-2026-34909"},{"cvss":10,"id":"CVE-2026-34910"},{"cvss":9.1,"id":"CVE-2026-33000"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["UniFi OS"],"_cs_severities":["critical"],"_cs_tags":["vulnerability","unifi","command_injection","path_traversal","improper_access_control"],"_cs_type":"advisory","_cs_vendors":["Ubiquiti"],"content_html":"\u003cp\u003eUbiquiti has released security updates to address multiple critical vulnerabilities in UniFi OS, a system designed for managing IT infrastructure including networking, security, and other services. These vulnerabilities, disclosed in May 2026, affect a wide range of UniFi OS products. Exploitation of these vulnerabilities could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems. Given the central role of UniFi OS devices in managing networks, successful exploitation could lead to significant compromise, including lateral movement to other systems. The affected products include UCG-Industrial, UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max, UCG-Fiber, UDR-5G, ENVR-Core, UCKP, UCK, UCK-Enterprise, UniFi OS Server, UNVR-G2, UNVR-G2-Pro, UDM-Beast, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4, UNAS-Pro-8, and Express.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable UniFi OS device accessible on the network (e.g., CVE-2026-34908, CVE-2026-34909, CVE-2026-34910).\u003c/li\u003e\n\u003cli\u003eThe attacker exploits an Improper Access Control vulnerability (CVE-2026-34908) to bypass authentication or authorization mechanisms.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker leverages a Path Traversal vulnerability (CVE-2026-34909) to read sensitive files on the file system.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the Path Traversal vulnerability to access files containing credentials or configuration data to further compromise the system.\u003c/li\u003e\n\u003cli\u003eOr, the attacker exploits an Improper Input Validation vulnerability (CVE-2026-34910 or CVE-2026-33000) to inject arbitrary commands into the system.\u003c/li\u003e\n\u003cli\u003eThe attacker executes commands to gain a shell on the UniFi OS device.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence on the compromised UniFi OS device.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised device as a pivot point to move laterally within the network and compromise other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to full compromise of UniFi OS devices. Since these devices are often used to manage critical network infrastructure, a successful attack could allow an attacker to gain control of the entire network, leading to data theft, service disruption, and other malicious activities. The CCB has assessed these vulnerabilities as critical, given the high CVSS scores and the potential impact on confidentiality, integrity, and availability of targeted devices.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch Ubiquiti UniFi OS devices to the latest version to address CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, and CVE-2026-33000.\u003c/li\u003e\n\u003cli\u003eEnable network monitoring to detect suspicious activity related to exploitation attempts, ensuring a swift response in case of an intrusion.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect UniFi OS Path Traversal Attempt\u0026rdquo; to identify potential exploitation of CVE-2026-34909 via web server logs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect UniFi OS Command Injection Attempt\u0026rdquo; to identify potential exploitation of CVE-2026-34910 and CVE-2026-33000 via web server logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T20:42:17Z","date_published":"2026-05-26T20:42:17Z","id":"https://feed.craftedsignal.io/briefs/2026-05-unifi-os-vulns/","summary":"Ubiquiti has addressed multiple critical vulnerabilities including CVE-2026-34908, CVE-2026-34909, CVE-2026-34910, and CVE-2026-33000 in UniFi OS, which could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems.","title":"Multiple Critical Vulnerabilities in Ubiquiti UniFi OS","url":"https://feed.craftedsignal.io/briefs/2026-05-unifi-os-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — UniFi OS","version":"https://jsonfeed.org/version/1.1"}