HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Access Control and Code Injection Flaws in Ubiquiti UniFi OS and Lantronix EDS5000 Added to CISA KEV Catalog

CISA added four high‑severity vulnerabilities affecting Ubiquiti UniFi OS and Lantronix EDS5000 devices to its KEV catalog. Organizations using these network appliances face potential remote code execution and unauthorized system changes. The incident underscores the need for SOC 2‑aligned control mapping, continuous monitoring, and auditable remediation evidence.

LiveThreat™ Intelligence · 📅 June 24, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
securityaffairs.com

Critical Access Control and Code Injection Flaws in Ubiquiti UniFi OS and Lantronix EDS5000 Added to CISA KEV Catalog

What Happened — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

  • CVE‑2025‑67038 – Lantronix EDS5000 code‑injection flaw (root‑level command execution).
  • CVE‑2026‑34908 – Ubiquiti UniFi OS improper access‑control (critical, CVSS 10.0).
  • CVE‑2026‑34909 – Ubiquiti UniFi OS path‑traversal issue.
  • CVE‑2026‑34910 – Ubiquiti UniFi OS improper input validation leading to command injection (critical, CVSS 10.0).

Why It Matters for Compliance & Audit Readiness

  • These flaws map directly to SOC 2 CC6.1 (Change Management) and CC7.1 (System Operations) controls; failure to remediate can be cited as a control deficiency during an audit.
  • Continuous evidence of patching and configuration validation satisfies the “monitoring and evidence collection” requirement of a mature SOC 2 program.
  • Demonstrating timely remediation aligns with CISA’s Binding Operational Directive 22‑01, providing defensible proof of due‑diligence for regulators and customers.

Who Is Affected – Enterprises that deploy Ubiquiti UniFi networking gear or Lantronix EDS5000 devices—common in technology SaaS firms, telecom providers, retail locations, and any organization with on‑premise network infrastructure.

Recommended Actions

  • Inventory all UniFi OS and EDS5000 assets and verify firmware versions.
  • Apply vendor‑released patches for CVE‑2026‑34908, CVE‑2026‑34909, CVE‑2026‑34910, and CVE‑2025‑67038 immediately.
  • Map the remediation steps to SOC 2 control requirements (CC6.1, CC7.1) and capture patch‑status evidence in your compliance repository.
  • Implement continuous vulnerability scanning and automated alerting for future KEV additions.

Source: SecurityAffairs

Technical Notes – The Lantronix flaw stems from unsanitized username parameters in the HTTP RPC module, leading to root‑level command injection. The Ubiquiti issues involve improper access control, path traversal, and input validation that enable remote attackers on the same network segment to execute arbitrary commands. No specific data exfiltration was reported, but the vulnerabilities grant full system control. Source: same as above

📰 Original Source
https://securityaffairs.com/194142/security/u-s-cisa-adds-ubiquiti-unifi-os-and-lantronix-eds5000-plugin-flaws-to-its-known-exploited-vulnerabilities-catalog.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →