CISA Adds Four Known Exploited Vulnerabilities to Catalog
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied. While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities . CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form . Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.
CSIRTS triage
- What
- CISA has added four new vulnerabilities to its KEV Catalog based on active exploitation.
- Who is affected
- Users of Lantronix and Ubiquiti UniFi OS are affected.
- Urgency
- Remediation is urgent due to active exploitation and high severity.
- Action
- Update to the latest versions of affected products.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cisa.gov/news-events/alerts/2026/06/23/cisa-adds-four-known-exploited-vulnerabilities-catalog
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation confirmedCVE-2025-67038Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 55% of all scored CVEs.
- Exploitation confirmedCVE-2026-34908Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 82% of all scored CVEs.
- Exploitation confirmedCVE-2026-34909Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 81% of all scored CVEs.
- Exploitation confirmedCVE-2026-34910Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-67038 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-34908 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-34909 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-34910 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownexploited[Control systems] CISA ICS security advisories (AV26–241) – Update 1cccs
- criticalexploitedUbiquiti security advisory (AV26-498) – Update 1cccs
- criticalexploitedCVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerabilitycisa-kev
- criticalexploitedCVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerabilitycisa-kev
- criticalexploitedCVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerabilitycisa-kev
- criticalexploitedCVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerabilitycisa-kev
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07