HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

CISA Warns of Actively Exploited Critical Ubiquiti UniFi OS and Lantronix Server Vulnerabilities

CISA added three Ubiquiti UniFi OS flaws and one Lantronix server bug to its Known Exploited Vulnerabilities list, noting active remote attacks. Organizations must patch immediately and map remediation to SOC 2 controls, a scenario where Verisq’s Control Mapping capability adds audit‑ready evidence.

LiveThreat™ Intelligence · 📅 June 24, 2026· 📰 bleepingcomputer.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
bleepingcomputer.com

CISA Warns of Actively Exploited Critical Ubiquiti UniFi OS and Lantronix Server Vulnerabilities

What Happened — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three Ubiquiti UniFi OS flaws (CVE‑2026‑34908, CVE‑2026‑34909, CVE‑2026‑34910) and one Lantronix EDS5000 flaw (CVE‑2025‑67038) to its Known Exploited Vulnerabilities catalog. All four bugs allow unauthenticated attackers to bypass access controls, read sensitive files, or execute arbitrary commands, and researchers have demonstrated full remote‑code execution when the flaws are chained.

Why It Matters for Compliance & Audit Readiness

  • These vulnerabilities illustrate a classic control‑gap scenario that SOC 2 / continuous‑compliance programs must detect, remediate, and retain evidence for.
  • Mapping the affected controls (e.g., CC6.1 System Operations, CC7.1 Change Management) and documenting patch‑management evidence satisfies both internal audit and regulator expectations.
  • Verisq’s Control Mapping capability can automatically align remediation actions with SOC 2 criteria and generate immutable proof for auditors.

Who Is Affected — Enterprises that deploy Ubiquiti UniFi networking gear or Lantronix serial‑to‑Ethernet servers across any sector (technology, finance, healthcare, government, etc.).

Recommended Actions

  • Prioritize patching the three UniFi OS CVEs and the Lantronix EDS5000 update per CISA’s three‑day BOD 26‑04 directive.
  • Run Bishop Fox’s detection script to inventory vulnerable devices.
  • Update your configuration‑management database (CMDB) and map the remediation to SOC 2 Control CC6.1 (System Operations) and CC7.1 (Change Management).
  • Capture patch‑deployment logs and detection‑script results as audit evidence in a tamper‑proof repository.

Technical Notes

  • CVE‑2026‑34908 – Access‑control bypass, unauthenticated changes to UniFi OS.
  • CVE‑2026‑34909 – Path traversal exposing OS files, credentials.
  • CVE‑2026‑34910 – Improper input validation → arbitrary OS command execution.
  • CVE‑2025‑67038 – Root‑level command injection in Lantronix HTTP RPC module.

Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →