INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Ubiquiti Patches Critical Flaws Exploited in Attacks

| 2026-07-08 14:38 CRITICAL HIGH
Executive Summary AI-generated
Russian state-sponsored threat actors have been observed enlisting compromised Ubiquiti Edge OS routers into a botnet designed to proxy malicious traffic, with vulnerabilities identified in multiple critical security flaws impacting various UniFi products. These exploits include Server-Side Request Forgery and authenticated SQL injection vulnerabilities, which could result in privilege escalation and arbitrary command execution. The threat actors have been flagged by the US Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month. Ubiquiti has shipped updates to address these security flaws, with patches available for UniFi Connect, Talk, Access, Protect, and OS.
Technical Mitigations AI-generated
* Implement secure coding practices and follow best security guidelines to prevent exploitation of vulnerabilities. * Regularly update and patch operating systems, applications, and firmware to ensure timely application of known exploits fixes. * Use a Web Application Firewall (WAF) or intrusion detection/prevention system (IDPS) to detect and block malicious traffic. * Conduct regular vulnerability assessments and penetration testing to identify potential entry points for attackers. * Implement secure access controls, such as multi-factor authentication and role-based access control, to limit privileges and reduce the attack surface.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-50746CVE-2026-50746 CVE-2026-54402CVE-2026-54402 CVE-2026-34909CVE-2026-34909 CVE-2026-50747CVE-2026-50747 CVE-2025-67038CVE-2025-67038 CVE-2026-55115CVE-2026-55115 CVE-2026-34910CVE-2026-34910 CVE-2026-55116CVE-2026-55116 CVE-2026-54400CVE-2026-54400 CVE-2026-34908CVE-2026-34908 CVE-2026-50748CVE-2026-50748
Target & Sectors
Global Scope
Incident Timeline
‎February 2024
The Ubiquiti Patches were applied to the UniFi devices by MooBot.
tactic Botnet
‎2026/06/08
Threat actors used a vulnerability in UniFi OS to target versions 5.1.15 and earlier, which were patched by version 5.1.19 on June 8, 2026.
infrastructure 5.1.15
infrastructure 5.1.19
vulnerability CVE-2026-34908
vulnerability CVE-2026-34909
vulnerability CVE-2026-34910
attribution UniFi OS
‎Jul 08, 2026
The threat actors exploited a Server-Side Request Forgery vulnerability in UniFi Protect Application, which allowed them to escalate privileges on the host device.
infrastructure 3.4.16
infrastructure 3.4.20
infrastructure 9.9
infrastructure 5.1.2
infrastructure 5.2.2
infrastructure 4.2.28
infrastructure 4.2.29
organisation CVE-2026-55115
organisation UniFi Protect Application
infrastructure 7.1.77
infrastructure 7.1.83
infrastructure 9.1
organisation CVE-2026
infrastructure 5.1.15
infrastructure 5.1.19
infrastructure 9.0
organisation UniFi Connect Application
organisation SQL
organisation UniFi Talk Application
organisation UniFi Access Application
‎2026/07/08
Ubiquiti shipped updates to address multiple critical security flaws impacting UniFi Connect, Talk, Access, Protect, and UniFi OS.
organisation Vulnerability / Network Security
organisation UniFi Connect
organisation UniFi Talk
organisation UniFi Access
organisation UniFi Protect
organisation UniFi
organisation Bishop Fox
organisation CVE-2026
organisation Ubiquiti Patches Critical UniFi
organisation CVE-2025
organisation CVE-2025-67038
infrastructure 2.2.0
organisation EDR
Tactical Metrics
Metrics
infrastructure
‎3.4.16
Software Version
Metrics
infrastructure
‎3.4.20
Software Version
Metrics
infrastructure
‎9.9
Software Version
Metrics
infrastructure
‎5.1.2
Software Version
Metrics
infrastructure
‎5.2.2
Software Version
Metrics
infrastructure
‎4.2.28
Software Version
Metrics
infrastructure
‎4.2.29
Software Version
Metrics
infrastructure
‎9.1
Software Version
Metrics
infrastructure
‎7.1.77
Software Version
Metrics
infrastructure
‎7.1.83
Software Version
Metrics
infrastructure
‎5.1.15
Software Version
Metrics
infrastructure
‎5.1.19
Software Version
Metrics
infrastructure
‎9.0
Software Version
Metrics
infrastructure
‎2.2.0
Software Version
Intelligence Sources