Critical UniFi OS bug enables unauthenticated root access
🔒 Researchers found that three fixed flaws in UniFi OS Server (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) can be chained to achieve remote code execution with root privileges on versions 5.0.6 and earlier. Bishop Fox validated the full attack path on a live instance, showing an authentication bypass via URI normalization differences and a subsequent command injection that escalates to root due to passwordless sudo. A detection script and guidance are available; upgrade to 5.0.8 or later.
