INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Ubiquiti Patches Critical Flaws Exploited in Attacks
| 2026-07-08 14:38 CRITICAL HIGHExecutive Summary AI-generated
Russian state-sponsored threat actors have been observed enlisting compromised Ubiquiti Edge OS routers into a botnet designed to proxy malicious traffic, with vulnerabilities identified in multiple critical security flaws impacting various UniFi products. These exploits include Server-Side Request Forgery and authenticated SQL injection vulnerabilities, which could result in privilege escalation and arbitrary command execution. The threat actors have been flagged by the US Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month. Ubiquiti has shipped updates to address these security flaws, with patches available for UniFi Connect, Talk, Access, Protect, and OS.
Technical Mitigations AI-generated
* Implement secure coding practices and follow best security guidelines to prevent exploitation of vulnerabilities.
* Regularly update and patch operating systems, applications, and firmware to ensure timely application of known exploits fixes.
* Use a Web Application Firewall (WAF) or intrusion detection/prevention system (IDPS) to detect and block malicious traffic.
* Conduct regular vulnerability assessments and penetration testing to identify potential entry points for attackers.
* Implement secure access controls, such as multi-factor authentication and role-based access control, to limit privileges and reduce the attack surface.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-50746CVE-2026-50746
CVE-2026-54402CVE-2026-54402
CVE-2026-34909CVE-2026-34909
CVE-2026-50747CVE-2026-50747
CVE-2025-67038CVE-2025-67038
CVE-2026-55115CVE-2026-55115
CVE-2026-34910CVE-2026-34910
CVE-2026-55116CVE-2026-55116
CVE-2026-54400CVE-2026-54400
CVE-2026-34908CVE-2026-34908
CVE-2026-50748CVE-2026-50748
Target & Sectors
Global Scope
Incident Timeline
February 2024
The Ubiquiti Patches were applied to the UniFi devices by MooBot.
Click on any entity below to view its context and source!
tactic
Botnet
The botnet, dubbed
MooBot
, was felled in a law enforcement operation in February 2024.
2026/06/08
Threat actors used a vulnerability in UniFi OS to target versions 5.1.15 and earlier, which were patched by version 5.1.19 on June 8, 2026.
Click on any entity below to view its context and source!
infrastructure
5.1.15
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
infrastructure
5.1.19
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
vulnerability
CVE-2026-34908
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
vulnerability
CVE-2026-34909
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
vulnerability
CVE-2026-34910
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
attribution
UniFi OS
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
Jul 08, 2026
The threat actors exploited a Server-Side Request Forgery vulnerability in UniFi Protect Application, which allowed them to escalate privileges on the host device.
Click on any entity below to view its context and source!
infrastructure
3.4.16
(Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
CVE-2026-50747
(CVSS score: 9.9) -
infrastructure
3.4.20
(Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
CVE-2026-50747
(CVSS score: 9.9) -
infrastructure
9.9
(Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
CVE-2026-50747
(CVSS score: 9.9) -
(Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
CVE-2026-50748
(CVSS score: 9.9) -
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
(Affects 7.1.77 and earlier; fixed in version 7.1.83)
CVE-2026-54402
(CVSS score: 9.9) -
infrastructure
5.1.2
(Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
CVE-2026-50748
(CVSS score: 9.9) -
infrastructure
5.2.2
(Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
CVE-2026-50748
(CVSS score: 9.9) -
infrastructure
4.2.28
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
infrastructure
4.2.29
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
organisation
CVE-2026-55115
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
organisation
UniFi Protect Application
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
infrastructure
7.1.77
(Affects 7.1.77 and earlier; fixed in version 7.1.83)
CVE-2026-54402
(CVSS score: 9.9) -
infrastructure
7.1.83
(Affects 7.1.77 and earlier; fixed in version 7.1.83)
CVE-2026-54402
(CVSS score: 9.9) -
infrastructure
9.1
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
organisation
CVE-2026
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
infrastructure
5.1.15
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
CVE-2026-55116
(CVSS score: 9.0) -
infrastructure
5.1.19
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
CVE-2026-55116
(CVSS score: 9.0) -
infrastructure
9.0
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
CVE-2026-55116
(CVSS score: 9.0) -
organisation
UniFi Connect Application
An improper access control vulnerability in UniFi Connect Application that an attacker with access to the network could exploit to execute a command injection on the host device.
organisation
SQL
A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device.
organisation
UniFi Talk Application
A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device.
organisation
UniFi Access Application
An improper input validation vulnerability in UniFi Access Application that an attacker with access to the network could exploit to execute a command injection on the host device.
2026/07/08
Ubiquiti shipped updates to address multiple critical security flaws impacting UniFi Connect, Talk, Access, Protect, and UniFi OS.
Click on any entity below to view its context and source!
organisation
Vulnerability / Network Security
Ravie Lakshmanan
Jul 08, 2026
Vulnerability / Network Security
Ubiquiti has
shipped updates
to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
organisation
UniFi Connect
Ravie Lakshmanan
Jul 08, 2026
Vulnerability / Network Security
Ubiquiti has
shipped updates
to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
organisation
UniFi Talk
Ravie Lakshmanan
Jul 08, 2026
Vulnerability / Network Security
Ubiquiti has
shipped updates
to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
organisation
UniFi Access
Ravie Lakshmanan
Jul 08, 2026
Vulnerability / Network Security
Ubiquiti has
shipped updates
to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
organisation
UniFi Protect
Ravie Lakshmanan
Jul 08, 2026
Vulnerability / Network Security
Ubiquiti has
shipped updates
to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
organisation
UniFi
Ravie Lakshmanan
Jul 08, 2026
Vulnerability / Network Security
Ubiquiti has
shipped updates
to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
Researchers at Bishop Fox later demonstrated that the three flaws
could be chained
to achieve full remote code execution with elevated privileges on vulnerable UniFi OS devices.
organisation
Bishop Fox
Researchers at Bishop Fox later demonstrated that the three flaws
could be chained
to achieve full remote code execution with elevated privileges on vulnerable UniFi OS devices.
organisation
CVE-2026
CVE-2026-34909
: a directory/path traversal vulnerability that allows an attacker to access sensitive files on the underlying operating system, potentially exposing configuration files, credentials, and other sensitive data that could facilitate account takeover.
organisation
Ubiquiti Patches Critical UniFi
Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS.
organisation
CVE-2025
The security issue exploited in Lantronix servers is tracked as
CVE-2025-67038
, and is a critical-severity root-level command injection affecting model EDS5000 running firmware 2.1.0.0R3.
organisation
CVE-2025-67038
Lantronix released a
released a patch
for CVE-2025-67038 and recommends users to upgrade to EDS5000 version 2.2.0.0R1.
infrastructure
2.2.0
Lantronix released a
released a patch
for CVE-2025-67038 and recommends users to upgrade to EDS5000 version 2.2.0.0R1.
organisation
EDR
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Tactical Metrics
Metrics
infrastructure
3.4.16
Software Version
Click for context!
(Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
CVE-2026-50747
(CVSS score: 9.9) -
Metrics
infrastructure
3.4.20
Software Version
(Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
CVE-2026-50747
(CVSS score: 9.9) -
Metrics
infrastructure
9.9
Software Version
(Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
CVE-2026-50747
(CVSS score: 9.9) -
(Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
CVE-2026-50748
(CVSS score: 9.9) -
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
(Affects 7.1.77 and earlier; fixed in version 7.1.83)
CVE-2026-54402
(CVSS score: 9.9) -
Metrics
infrastructure
5.1.2
Software Version
(Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
CVE-2026-50748
(CVSS score: 9.9) -
Metrics
infrastructure
5.2.2
Software Version
(Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
CVE-2026-50748
(CVSS score: 9.9) -
Metrics
infrastructure
4.2.28
Software Version
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
Metrics
infrastructure
4.2.29
Software Version
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-55115
(CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device.
Metrics
infrastructure
9.1
Software Version
(Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
CVE-2026-54400
(CVSS score: 9.1) -
Metrics
infrastructure
7.1.77
Software Version
(Affects 7.1.77 and earlier; fixed in version 7.1.83)
CVE-2026-54402
(CVSS score: 9.9) -
Metrics
infrastructure
7.1.83
Software Version
(Affects 7.1.77 and earlier; fixed in version 7.1.83)
CVE-2026-54402
(CVSS score: 9.9) -
Metrics
infrastructure
5.1.15
Software Version
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
CVE-2026-55116
(CVSS score: 9.0) -
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
Metrics
infrastructure
5.1.19
Software Version
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
CVE-2026-55116
(CVSS score: 9.0) -
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was
flagged
by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
Metrics
infrastructure
9.0
Software Version
(Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
CVE-2026-55116
(CVSS score: 9.0) -
Metrics
infrastructure
2.2.0
Software Version
Lantronix released a
released a patch
for CVE-2025-67038 and recommends users to upgrade to EDS5000 version 2.2.0.0R1.
Intelligence Sources
BleepingComputer
2026-06-24
CISA warns of max severity Ubiquiti flaws exploited in attacks
BleepingComputer
The Hacker News
2026-07-08
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-07-09T06:01
Comprehensive Tactical Telemetry
Highly Correlated Entities
18x
organisation
Identified Entity
Vulnerability / Network Security
entity
14x
infrastructure
Software Version
3.4.16
version
11x
vulnerability
Exploited CVE
CVE-2026-50746
cve
6x
attribution
Attributing Entity
Ubiquiti Edge OS
authority
4x
tactic
Cyber Operation Type
Botnet
tactic
3x
timeline
Temporal Reference
February 2024
date
3x
general metric
Score
10
score
2x
general metric
Jul
8
jul
2x
tactic
MITRE ATT&CK Technique
T1584.004 - Server
technique
2x
general metric
%
54
%
Contextual Telemetry
Context Block
2 METRICS
source region
Origin Country
Russian Federation
country
general metric
Bod
4
bod
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.