CVE-2026-34909 – Lantronix EDS5000 / UniFi OS Server

CVSS 10 CRITICAL Critical or Zero Day – Immediate Deployment

“When critical vulnerabilities are actively exploited, every unpatched system becomes a potential target.”

Security updates address four critical vulnerabilities affecting Lantronix EDS5000 and UniFi OS Server. CVE-2025-67038 has a CVSS score of 9.8, which is Critical severity. It allows command injection through the HTTP RPC authentication process, enabling arbitrary operating system commands to execute with root privileges. CVE-2026-34908 has a CVSS score of 10.0, which is Critical severity and addresses an improper access control vulnerability that could allow unauthorized changes to UniFi OS systems. CVE-2026-34909 has a CVSS score of 10.0, which is Critical severity and addresses a path traversal vulnerability that could expose and manipulate sensitive system files. CVE-2026-34910 has a CVSS score of 10.0, which is Critical severity and addresses an improper input validation vulnerability that can result in command injection.

These vulnerabilities are reported as being under active exploitation, significantly increasing the operational risk to exposed devices. Organizations should prioritize deployment of the available security updates to reduce the risk of system compromise and unauthorized administrative access.

Key Details

Affected Product
Ui Unifi Os Server
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-22
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.