[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-cisa-flags-four-live-exploits-in-ubiquiti-and-lantronix-gear":10,"sections":41},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":30,"persona_id":22,"persona_name":22,"section":31,"tags":32,"sources":36,"feedback":40,"feedback_at":22,"cost_usd":40,"total_tokens":40},1996,"cisa-flags-four-live-exploits-in-ubiquiti-and-lantronix-gear","CISA Flags Four Live Exploits in Ubiquiti and Lantronix Gear","CISA added four actively exploited vulnerabilities to its KEV Catalog, including three Ubiquiti UniFi OS flaws and a Lantronix code injection bug.","CISA has flagged four vulnerabilities under active attack, split across two vendors: Ubiquiti and Lantronix.\n\nThree of the entries target Ubiquiti's UniFi OS, the firmware running the company's widely deployed networking hardware. One flaw involves improper access control (CVE-2026-34908), a second allows path traversal (CVE-2026-34909), and a third covers improper input validation (CVE-2026-34910). The fourth entry, CVE-2025-67038, affects the Lantronix EDS5000, a device server that bridges serial hardware to ethernet connections and is common in industrial environments. All four were added to CISA's Known Exploited Vulnerabilities Catalog based on evidence of active exploitation, not theoretical risk.\n\nUbiquiti gear is cheap, familiar, and everywhere. Hospitals, schools, small businesses, and enterprise data centers all run UniFi hardware, which makes three distinct flaw classes surfacing at once in UniFi OS harder to dismiss. The Lantronix entry adds a separate concern: device servers embedded in industrial and operational-technology settings are notoriously slow to patch.\n\nOne detail worth flagging: three of the four CVEs carry 2026 year prefixes while the Lantronix entry keeps a 2025 prefix. CISA has not explained the gap. It likely reflects the timeline of formal CVE assignment rather than an error, but verify these identifiers against official sources before using them in your own tracking systems.","[\"security\",\"cisa\",\"ubiquiti\",\"vulnerabilities\"]","2026-06-23T12:00:00.000Z","2026-06-23T18:39:29.376Z","2026-06-23T18:39:38.303Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"publisher-r1","publisher",1,"CVE numbers reference 2026 (CVE-2026-34908\u002F34909\u002F34910) but the article is dated June 23, 2026, while the Lantronix flaw uses a 2025 prefix (CVE-2025-67038), creating an internally inconsistent numbering pattern that may indicate placeholder or erroneous CVE identifiers.","resolved","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fcisa-flags-four-live-exploits-in-ubiquiti-and-lantronix-gear.webp","security",[31,33,34,35],"cisa","ubiquiti","vulnerabilities",[37],{"name":38,"url":39},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Falerts\u002F2026\u002F06\u002F23\u002Fcisa-adds-four-known-exploited-vulnerabilities-catalog",0,{"sections":42},[43,48,53,56,61,66,71,76,81,86,91,96,101,106],{"name":44,"slug":45,"count":46,"latest_published_at":47},"AI","ai",505,"2026-06-23T20:10:33.000Z",{"name":49,"slug":50,"count":51,"latest_published_at":52},"Deals","deals",143,"2026-06-23T21:34:29.000Z",{"name":54,"slug":31,"count":51,"latest_published_at":55},"Security","2026-06-23T19:43:56.000Z",{"name":57,"slug":58,"count":59,"latest_published_at":60},"Policy","policy",101,"2026-06-23T19:11:04.000Z",{"name":62,"slug":63,"count":64,"latest_published_at":65},"Consumer Tech","consumer-tech",84,"2026-06-23T21:34:53.000Z",{"name":67,"slug":68,"count":69,"latest_published_at":70},"Hardware","hardware",71,"2026-06-23T16:50:03.000Z",{"name":72,"slug":73,"count":74,"latest_published_at":75},"Software","software",63,"2026-06-23T11:16:34.000Z",{"name":77,"slug":78,"count":79,"latest_published_at":80},"Dev Tools","dev-tools",53,"2026-06-23T18:13:40.000Z",{"name":82,"slug":83,"count":84,"latest_published_at":85},"Science","science",39,"2026-06-23T05:25:16.000Z",{"name":87,"slug":88,"count":89,"latest_published_at":90},"Gaming","gaming",32,"2026-06-22T17:00:00.000Z",{"name":92,"slug":93,"count":94,"latest_published_at":95},"General","general",26,"2026-06-13T18:35:15.000Z",{"name":97,"slug":98,"count":99,"latest_published_at":100},"Startups","startups",24,"2026-06-23T17:25:54.000Z",{"name":102,"slug":103,"count":104,"latest_published_at":105},"Reviews","reviews",19,"2026-06-14T08:00:00.000Z",{"name":107,"slug":108,"count":109,"latest_published_at":110},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]