CISA has flagged four vulnerabilities under active attack, split across two vendors: Ubiquiti and Lantronix.
Three of the entries target Ubiquiti's UniFi OS, the firmware running the company's widely deployed networking hardware. One flaw involves improper access control (CVE-2026-34908), a second allows path traversal (CVE-2026-34909), and a third covers improper input validation (CVE-2026-34910). The fourth entry, CVE-2025-67038, affects the Lantronix EDS5000, a device server that bridges serial hardware to ethernet connections and is common in industrial environments. All four were added to CISA's Known Exploited Vulnerabilities Catalog based on evidence of active exploitation, not theoretical risk.
Ubiquiti gear is cheap, familiar, and everywhere. Hospitals, schools, small businesses, and enterprise data centers all run UniFi hardware, which makes three distinct flaw classes surfacing at once in UniFi OS harder to dismiss. The Lantronix entry adds a separate concern: device servers embedded in industrial and operational-technology settings are notoriously slow to patch.
One detail worth flagging: three of the four CVEs carry 2026 year prefixes while the Lantronix entry keeps a 2025 prefix. CISA has not explained the gap. It likely reflects the timeline of formal CVE assignment rather than an error, but verify these identifiers against official sources before using them in your own tracking systems.