๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability
Summary
Ubiquiti UniFi OS has a vulnerability where it doesn't properly check user input, allowing someone on the network to perform command injection (running unauthorized commands on the system). This vulnerability is currently being exploited by attackers in real attacks.
Solution / Mitigation
Apply mitigations according to vendor instructions and follow CISA's BOD 26-04 guidance on prioritizing security updates. If mitigations are unavailable, discontinue use of the product. Organizations must evaluate whether their systems are exposed to the internet and ensure they meet BOD 26-04 patching requirements by the due date of 2026-06-26. See the Ubiquiti Security Advisory Bulletin 064 for specific vendor guidance.
Vulnerability Details
EPSS: 33.6%
Yes
๐ฅ Actively Exploited
June 22, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34910
First tracked: June 23, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%