CISA Warns of Active Exploitation in Ubiquiti UniFi OS and Lantronix Servers
The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has issued an urgent warning regarding active exploitation of critical vulnerabilities in **Ubiquiti UniFi OS** and **Lantronix** serial-to-ethernet servers. Federal agencies are mandated to patch these flaws within three days, highlighting the severe risk posed by these unauthenticated remote compromise vulnerabilities.

**CISA** has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog, urging immediate action from federal agencies under the **BOD 26-04 directive**. These flaws, affecting widely used network infrastructure, are actively being exploited by threat actors.
### Ubiquiti UniFi OS Under Attack
Three high-severity vulnerabilities in **Ubiquiti UniFi OS** are currently under active exploitation:
* **CVE-2026-34908**: An access control bypass flaw that allows an unauthenticated attacker to make unauthorized changes, potentially leading to full system compromise.
* **CVE-2026-34909**: A directory/path traversal vulnerability enabling attackers to access sensitive files, including configuration files and credentials, facilitating account takeover.
* **CVE-2026-34910**: An improper input validation flaw that permits arbitrary operating system command injection, potentially resulting in remote code execution and complete system takeover.
**Ubiquiti** released security updates for these vulnerabilities in May, acknowledging their remote exploitability without prior authentication. Researchers at **Bishop Fox** later demonstrated that these three flaws could be chained together to achieve full remote code execution with elevated privileges on vulnerable **UniFi OS** devices. **Bishop Fox** has also provided a [free detection script on GitHub](https://github.com/BishopFox/CVE-2026-34908-check) to assist organizations in identifying vulnerable instances within their environments.
### Critical Flaw in Lantronix Servers
Another significant vulnerability, **CVE-2025-67038**, affects **Lantronix EDS5000** series devices running firmware 2.1.0.0R3. This critical-severity root-level command injection vulnerability resides in the HTTP RPC module.
The flaw occurs because the supplied username in failed authentication attempts is concatenated directly into a shell command without proper sanitization, allowing attackers to inject arbitrary operating system commands. **Lantronix** has [released a patch](https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032) and recommends upgrading to **EDS5000** version 2.2.0.0R1.
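The concatenation pattern described above, shown next to a hardened argv-based form and a log check that flags failed-login usernames carrying shell metacharacters. This is an added illustration in Python, not Lantronix firmware code; the log format, field names and sample lines are constructed.

```python
import re
import shlex

# Characters that let a value break out of a quoted shell word. A username
# containing any of these in a failed-login record is a strong signal.
SHELL_META = re.compile(r"[;&|`$()<>\n\\'\"]")


def build_log_command_unsafe(username: str) -> str:
    """The vulnerable pattern: raw concatenation into a shell command line.
    Built only for inspection here; never executed."""
    return "logger -t auth 'failed login for " + username + "'"


def build_log_command_safe(username: str) -> list[str]:
    """Hardened form: the username is one argv element, so no shell parses
    it. Run with subprocess.run(argv, shell=False)."""
    return ["logger", "-t", "auth", "failed login for " + username]


def shell_words(command: str) -> list[str]:
    """Approximate how a POSIX shell tokenizes the string, splitting on
    ; & | < > ( ) so an injected command shows up as extra words."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


# Constructed log format (hypothetical, not the device's real format).
LOG_LINE = re.compile(r"login failed user=\[(?P<user>.*?)\] src=(?P<src>\S+)")

SAMPLE_LOG = """\
2026-05-12T10:02:11Z rpc: login failed user=[alice] src=10.0.0.5
2026-05-12T10:02:15Z rpc: login failed user=[alice'; echo injected; '] src=10.0.0.5
2026-05-12T10:02:20Z rpc: login ok user=[bob] src=10.0.0.6
2026-05-12T10:02:33Z rpc: login failed user=[$(echo probe)] src=198.51.100.7
"""


def suspicious_failed_logins(log_text: str) -> list[tuple[str, str]]:
    """Return (source, username) for failed logins whose username contains
    shell metacharacters; a cheap detection for this bug class."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if m and SHELL_META.search(m.group("user")):
            hits.append((m.group("src"), m.group("user")))
    return hits
```

Comparing `shell_words(build_log_command_unsafe(u))` for a benign and a crafted username shows the single `logger` invocation turning into several commands, while the safe form stays one four-element argv regardless of input.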
### Urgent Call to Action
**CISA** has not disclosed specific details regarding the observed exploitation campaigns, and the 'use in ransomware campaigns' flag remains 'Unknown' for all listed vulnerabilities. Despite this, the active exploitation necessitates immediate attention.
System administrators managing **Ubiquiti UniFi OS** and **Lantronix EDS5000** products are strongly advised to apply the available security updates and recommended mitigations as soon as possible to prevent potential compromise.