Ubiquiti has released security updates addressing three maximum severity vulnerabilities in UniFi OS that can be exploited remotely without authentication. The flaws affect the company's network management platform.
Ubiquiti released patches for three critical vulnerabilities affecting UniFi OS, its centralized network management system. The vulnerabilities carry a maximum severity rating and can be exploited by remote attackers without requiring any privileges or user credentials.
The three flaws impact UniFi OS across multiple versions. Ubiquiti has not disclosed specific technical details about the vulnerabilities, but remote exploitability without authentication indicates they pose significant risk to exposed deployments.
UniFi OS powers Ubiquiti's line of Dream Machine devices and serves as the management interface for UniFi networking equipment used in enterprise, small business, and prosumer environments. The platform manages controllers for switches, access points, gateways, and other network infrastructure.
Organizations running UniFi OS should apply the available updates immediately. Ubiquiti has made patches available through its standard update channels. Users can check for updates within the UniFi OS interface or download patches directly from Ubiquiti's support portal.
The company typically releases security information through its UniFi status page and community forums. Ubiquiti recommends checking these channels regularly for vulnerability announcements and patch availability.
Remote accessibility of UniFi OS, particularly if exposed to the internet or untrusted networks, increases exposure risk. Organizations should review network access controls and consider restricting UniFi OS management interfaces to trusted networks and users.
This patch cycle is part of Ubiquiti's ongoing effort to address security issues in its product line. The company has faced scrutiny in recent years regarding security practices and disclosure timelines, making prompt patching critical for users relying on its equipment for network infrastructure.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.