The Bottom Line: Ubiquiti UniFi OS contains three maximum-severity vulnerabilities that, when combined, enable unauthenticated remote access and require immediate patching.
Ubiquiti released an emergency patch for UniFi OS in May 2026, closing three critical vulnerabilities. CVE-2026-34908, CVE-2026-34909 and CVE-2026-34910 carry the maximum CVSS 3.1 rating and together enable unauthenticated remote access.
In May 2026, Ubiquiti released an urgent security update for UniFi OS. Three vulnerabilities – CVE-2026-34908, CVE-2026-34909 and CVE-2026-34910 – were classified with the highest possible CVSS 3.1 rating of 10.0.
The practical significance of these vulnerabilities lies in their combinability: an attacker can exploit the three flaws in sequence to gain unauthorized access to affected UniFi systems without authentication. This affects network infrastructure that functions as the central access control in many enterprise environments.
For CISOs, this means UniFi installations must be reviewed immediately and brought to the current patch level. The maximum CVSS rating and remote exploitability without authentication call for the highest priority in patch management. Closing these vulnerabilities promptly is particularly critical because network equipment such as UniFi is often visible across the entire network perimeter.
Source: borncity.com · Published 9 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.