A trio of critical vulnerabilities in Ubiquiti networking software are being exploited in the wild, CISA warned this week.

The bugs — described as CVE-2026-34908, CVE-2026-34909 and CVE-2026-34910 — all impact UniFi OS devices, hardware consoles, and Cloud Gateways that run Ubiquiti's UniFi operating system, and can be exploited via network access.

All three have a CVSS score of 10 — the highest possible score — and were added to the Known Exploited Vulnerabilities catalog on Tuesday, June 23, but they have yet to be flagged as used in ransomware campaigns. Ubiquiti published a security bulletin with patched version updates for all three on May 22.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in