Ubiquiti patches three max severity UniFi OS vulnerabilities
Ubiquiti has patched three critical vulnerabilities in UniFi OS, all rated maximum severity (CVSS 10.0). The flaws, discovered internally, allow unauthenticated remote attackers to execute arbitrary code on affected devices. The vulnerabilities impact UniFi OS versions prior to 4.1.13 for UniFi Cloud Gateways and prior to 3.2.10 for UniFi Network Applications. Ubiquiti released updates on May 22, 2026, and recommends immediate installation. No workarounds are available. The company withheld technical details to give users time to patch. These are the most severe vulnerabilities ever reported for UniFi OS, potentially allowing full device takeover.
// why it matters
Unpatched UniFi devices could be fully compromised remotely without authentication.