Critical UniFi OS Flaws Enable Auth Bypass and Command Execution

ID: 605c1820-9e82-5075-aa43-17be0aae956d

STIX ID: report--605c1820-9e82-5075-aa43-17be0aae956d

Feed Name: Cyber Press

Threat Score: 95/100

Date Published: 2026-06-06

Date Updated: 2026-06-06

Author: Lucas Martin

...
...

**Executive summary:** Ubiquiti patched three critical UniFi OS Server vulnerabilities (CVE-2026-34908/34909/34910) that allow an unauthenticated attacker to bypass authentication, perform command injection via the package-update service, and escalate to root, potentially compromising management-plane assets (including JWT signing keys, TLS keys, databases, and physical access systems). Bishop Fox confirmed an end-to-end exploit on version 5.0.6; fixes are in UniFi OS Server 5.0.8 (and vendor-specified hardware-equivalent versions). The advisory provides IOCs (specially encoded request URIs and suspicious package-update parameters) and recommends patching, network access restrictions, key/token rotation, and treating exposed instances as fully compromised.
