Executive Summary
On June 23, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation. These vulnerabilities include CVE-2025-67038 affecting Lantronix EDS5000 devices, and three critical issues in Ubiquiti UniFi OS: CVE-2026-34908 (improper access control), CVE-2026-34909 (path traversal), and CVE-2026-34910 (improper input validation). These vulnerabilities are frequently exploited by malicious actors, posing significant risks to federal enterprises. (cyberleveling.com)
The inclusion of these vulnerabilities in the KEV Catalog underscores the ongoing threat posed by unpatched systems. Organizations are urged to prioritize remediation efforts to mitigate potential exploits, especially given the critical nature of these vulnerabilities and their potential impact on network infrastructure.
Why This Matters Now
The addition of these vulnerabilities to the KEV Catalog highlights the immediate need for organizations to assess and secure their network devices against known exploits, as failure to do so could lead to significant security breaches.
Attack Path Analysis
An attacker exploited vulnerabilities in Ubiquiti UniFi OS devices to gain unauthorized access, escalate privileges, move laterally within the network, establish command and control channels, exfiltrate sensitive data, and disrupt network operations.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited CVE-2026-34908, an improper access control vulnerability, to gain unauthorized access to the UniFi OS device.
Related CVEs
CVE-2025-67038
CVSS 9.8A code injection vulnerability in Lantronix EDS5000 allows unauthenticated remote attackers to execute arbitrary OS commands with root privileges.
Affected Products:
Lantronix EDS5000 – 2.1.0.0R3
Exploit Status:
exploited in the wildCVE-2026-34909
CVSS 10A path traversal vulnerability in Ubiquiti UniFi OS allows network-adjacent attackers to access files on the underlying system, potentially leading to account compromise.
Affected Products:
Ubiquiti UniFi OS – < 5.0.8
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Command and Scripting Interpreter
Valid Accounts
Account Discovery
Remote Services
Impair Defenses
Data Destruction
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Penetration Testing and Vulnerability Assessments
Control ID: 500.05
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Asset Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Government Administration
Federal agencies face mandatory remediation under BOD 26-04 for Lantronix and Ubiquiti vulnerabilities enabling code injection and access control bypasses.
Telecommunications
Network infrastructure providers using Ubiquiti UniFi systems vulnerable to path traversal and improper input validation exploits compromising communications security.
Information Technology/IT
IT service providers managing Lantronix EDS5000 devices and Ubiquiti networks exposed to active exploitation requiring immediate patch management prioritization.
Financial Services
Banking institutions using affected network devices risk regulatory non-compliance and data breaches through code injection and access control vulnerabilities.
Sources
- CISA Adds Four Known Exploited Vulnerabilities to Cataloghttps://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalogVerified
- Lantronix EDS5000 Code Injection Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2025-67038Verified
- Ubiquiti UniFi OS Path Traversal Vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2026-34909Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it would likely limit the attacker's ability to move laterally, escalate privileges, and exfiltrate data by enforcing strict segmentation and identity-based access controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While Aviatrix CNSF may not prevent the initial exploitation of a device vulnerability, it would likely limit the attacker's ability to leverage this access to compromise other parts of the network.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation would likely limit the attacker's ability to escalate privileges by enforcing strict identity-based access controls and segmenting workloads.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security would likely limit the attacker's ability to move laterally by enforcing strict segmentation and monitoring east-west traffic.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control would likely limit the attacker's ability to establish and maintain command and control channels by providing comprehensive monitoring and control over network traffic.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement would likely limit the attacker's ability to exfiltrate data by enforcing strict egress policies and monitoring outbound traffic.
Aviatrix Zero Trust CNSF would likely limit the attacker's ability to disrupt network operations by enforcing strict segmentation and identity-based access controls, reducing the scope of potential damage.
Impact at a Glance
Affected Business Functions
- Network Management
- User Authentication
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of system configuration files and user credentials.
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to restrict lateral movement within the network.
- • Deploy Inline IPS (Suricata) to detect and prevent exploitation attempts.
- • Utilize Cloud Native Security Fabric (CNSF) for real-time inspection and enforcement.
- • Enforce Egress Security & Policy Enforcement to control outbound traffic and prevent data exfiltration.
- • Enhance Threat Detection & Anomaly Response capabilities to identify and respond to suspicious activities promptly.
