Hackers are attacking unpatched Ubiquiti UniFi OS devices through critical security bugs. Here’s what happened, which devices are affected, and how to protect your home or office network right away.
Table of Contents
What Happened?
The Cybersecurity and Infrastructure Security Agency (CISA) added the three bugs to its Known Exploited Vulnerabilities Catalog. That means attackers are already using them.
CISA ordered US federal agencies to install fixes by June 26, 2026.
Ubiquiti patched the bugs on May 21, 2026. Since then, the company has also fixed more serious security flaws.
The affected products include UniFi routers, firewalls, gateways, network video recorders, cloud gateways, and other UniFi OS systems.
Researchers at PwnDefend saw attackers using the bugs to install Mirai malware. Malware is harmful software that can damage devices or help criminals control them.
Mirai is often used to build a botnet. A botnet is a group of infected devices controlled by criminals.
Who Was Affected and What Data Was Leaked?
The issue affects a wide range of Ubiquiti UniFi OS devices that have not been updated.
Affected systems include UniFi OS Server, UniFi Cloud Gateways, UniFi Dream Machines, Dream Routers, UniFi Express devices, UniFi video recorders, Cloud Key devices, and UniFi NAS devices.
Cybernews did not report that personal data was leaked. The source also did not say that passwords, banking details, or customer records were leaked.
The main risk is that attackers may take control of unpatched UniFi devices. If criminals control a router or gateway, they may use it to attack other systems or join a botnet.
That matters because your router is not just a box that gives you Wi-Fi. It helps manage the traffic between your devices and the internet.
It is also worth remembering that your personal information may already have been leaked in other incidents. Many people do not find out until strange emails, texts, or account activity appear later.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier. Futureproof monitors your data for leaks 24/7 and helps you reduce scam risks with simple, clear steps.
Futureproof scans your data for leaks and shows exactly how to close security gaps — before scammers find them first.
Check my safetyHow Did the Attack Happen?
The attack happened because of security bugs in UniFi OS. A security bug is a flaw that can let criminals do something they should not be allowed to do.
One bug lets attackers make unauthorized changes to UniFi OS systems.
A second bug is a file access flaw. It may let attackers reach or change files they should not be able to touch.
A third bug may let attackers run commands on the device. In simple terms, that means the device may follow instructions from the attacker.
The source said attackers need network access to use the bugs. Network access means they can reach the device through a network connection.
In one observed attack, criminals used the Mirai loader to install botnet malware on vulnerable UniFi routers.
Ubiquiti has also fixed newer critical bugs. The source said those newer bugs had not been added to CISA’s exploited list at the time of the report.

At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
