Serial number: AV26-498
Date: May 22, 2026
Updated: June 23, 2026
On May 21, 2026, Ubiquiti published a security advisory to address vulnerabilities in the following products. Included were critical updates for the following:
- Express - version 4.0.13 and prior
- UCG-Industrial - version 5.0.13 and prior
- UDM, UDM-Pro, UDM-SE, UDM-Pro-Max, EFG, UDW, UDR, UDR7, Express 7, UNVR, UNVR-Pro, UNVR-Instant, ENVR, UCG-Ultra, UCG-Max and UCG-Fiber - version 5.0.16 and prior
- UDM-Beast, UNAS-2, UNAS-4, UNAS-Pro, UNAS-Pro-4 and UNAS-Pro-8 - version 5.1.8 and prior
- UDR-5G, ENVR-Core, UCKP, UCK and UCK-Enterprise - version 5.0.17 and prior
- UNVR-G2 and UNVR-G2-Pro - version 5.1.11 and prior
- UniFi OS Server - version 5.0.6 and prior
Update 1
On June 23, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.