๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability
Summary
Ubiquiti UniFi OS has an improper access control vulnerability (a flaw that fails to properly check whether a user is allowed to perform an action) that could let someone already on the network make unauthorized changes to the system. This vulnerability is actively being exploited by attackers.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions, following CISA's BOD 26-04 (Prioritizing Security Updates Based on Risk) guidance. If mitigations are unavailable for cloud services, discontinue use of the product. Organizations must evaluate each asset's internet exposure and ensure adherence to BOD 26-04 patching guidelines by the due date of 2026-06-26. Refer to the Ubiquiti Security Advisory Bulletin 064 at https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b for specific vendor instructions.
Vulnerability Details
EPSS: 0.9%
Yes
๐ฅ Actively Exploited
June 22, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34908
First tracked: June 23, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%