If your office network runs on Ubiquiti UniFi gear, the kind of console that manages your switches, Wi-Fi, and Protect cameras, this one needs your attention today. The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that three serious UniFi OS flaws are being actively exploited by attackers, and together they can hand someone full control of the device that runs your network. The fix is already out; the job is to install it.
What is happening
CISA added three maximum-severity UniFi OS vulnerabilities to its Known Exploited Vulnerabilities catalog, the list it keeps of flaws being used in real attacks. On their own each is bad; chained together, security researchers showed they let a network-based attacker take over a UniFi OS device completely, with no password required. The trio is an access-control bypass (CVE-2026-34908), a path-traversal flaw that exposes files on the device (CVE-2026-34909), and an input-validation flaw that allows running commands on it (CVE-2026-34910). Ubiquiti released fixes in May, and CISA set a patch deadline of June 26 for federal agencies, a good signal of how urgent it considers this.
Why this matters for a small business
UniFi is popular with small businesses for good reason: it is capable, affordable, and the same system often runs the whole network plus the security cameras. That also makes the UniFi console a high-value target. An attacker who controls it can change your network settings, switch off security controls, watch or disable your cameras, and use that foothold to move deeper into your systems, harvest credentials, and set up the kind of access ransomware crews rely on. CISA has not tied these flaws to a specific ransomware group yet, but it notes the access they grant matches exactly how those attacks usually begin.
What to do now
This is a clear, fixable problem. Work through it today:
- Update UniFi OS now. Make sure your UniFi console or controller is running the patched release (UniFi OS Server 5.0.8 or later, or the current UniFi OS update for your device). This is the fix.
- Get the management interface off the public internet. Your UniFi admin should not be reachable from the open web; use the official remote-access path or a VPN, not a port forwarded to the console.
- Check for anything unexpected. Look for admin accounts you do not recognize and unusual entries in the logs; either can be a sign that someone has already been in.
- Turn on automatic updates so the next critical fix installs itself instead of waiting on someone to remember.
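If you look after more than one console, the first two checks above can be run over a simple inventory. The script below is an added example, not Ubiquiti or CISA tooling: the console names, addresses, versions and the port-forward rule format are constructed for illustration, and only the 5.0.8 threshold for UniFi OS Server comes from this article.

```python
import re

# Patched release named in the article; it applies to UniFi OS Server only.
PATCHED_SERVER = (5, 0, 8)

# Constructed sample inventory (hypothetical names, addresses and versions).
CONSOLES = [
    {"name": "office-server", "product": "UniFi OS Server", "ip": "192.168.1.10", "version": "5.0.10"},
    {"name": "branch-server", "product": "UniFi OS Server", "ip": "192.168.2.10", "version": "5.0.7"},
    {"name": "warehouse-console", "product": "other UniFi OS console", "ip": "192.168.3.1", "version": "4.2.1"},
    {"name": "lab-server", "product": "UniFi OS Server", "ip": "192.168.4.10", "version": "unknown"},
]

# Constructed port-forward rules from an edge router (hypothetical format).
PORT_FORWARDS = [
    {"wan_port": 443, "dest_ip": "192.168.2.10", "dest_port": 443},
    {"wan_port": 25565, "dest_ip": "192.168.1.50", "dest_port": 25565},
]

def parse_version(text):
    """Return a tuple of ints for 'X.Y.Z', or None if it cannot be parsed."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def audit(consoles, forwards):
    """Return a sorted list of (console name, finding) pairs."""
    findings = []
    forwarded_ips = {rule["dest_ip"] for rule in forwards}
    for c in consoles:
        ver = parse_version(c["version"])
        if ver is None:
            findings.append((c["name"], "version unreadable: check by hand"))
        elif c["product"] != "UniFi OS Server":
            # The article gives no version number for other devices.
            findings.append((c["name"], "confirm current UniFi OS update is installed"))
        elif ver < PATCHED_SERVER:
            # Tuple comparison is numeric, so 5.0.10 counts as newer than 5.0.8.
            findings.append((c["name"], "update to 5.0.8 or later"))
        if c["ip"] in forwarded_ips:
            findings.append((c["name"], "port forward reaches console: remove it"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(CONSOLES, PORT_FORWARDS):
        print(f"{name}: {finding}")
```

A console that produces no finding still needs the account and log review from the third step; the script only covers version and exposure.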