10.0 CRITICAL

Critical UniFi OS bug lets hackers gain root without authentication

📅 8 June 2026 at 15:51 UTC
📰 Source: Bleeping Computer

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...]

🤖 AI Briefing (auto-generated threat analysis)

🔍 Threat Overview

Attackers can chain three vulnerabilities in UniFi OS Server to execute remote code with root privileges without authentication, exploiting improper access control, path traversal, and command injection flaws.

⚙️ Technical Details
Affected Systems: UniFi OS Server versions 5.0.6 and earlier
Attack Vectors: NETWORK

💥 Impact Assessment
Severity: CRITICAL
Who Is at Risk: Organizations running UniFi OS Server versions 5.0.6 and earlier

🛡️ Recommended Actions
1. Upgrade to UniFi OS Server version 5.0.8 or later
2. Monitor requests to 'ucs/update/latest_package' and 'ucs-update'
3. Use the free detection script released by Bishop Fox

📦 Affected Products
UniFi OS Server
🔐 NVD Verified Data (VERIFIED)

CVE-2026-34908 (CVSS 10, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-284

CVE-2026-34909 (CVSS 10, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-22

CVE-2026-34910 (CVSS 10, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-20

This is a curated summary. The complete article is available at Bleeping Computer.
