ENKVA logo

ENKVA

Archives
Log in
Subscribe
June 24, 2026

ENKVA #011 — Three CVSS 10.0 UniFi OS bugs on KEV, exploited in the wild

If you manage UniFi networks for clients — and a lot of MSPs do — inventory your Ubiquiti consoles this week. Ubiquiti's Security Advisory Bulletin 064 fixes three UniFi OS vulnerabilities that NVD each rates CVSS 10.0 — the maximum. CISA added all three to the Known Exploited Vulnerabilities catalog on June 23 with a June 26 due date, and researchers have already documented them under active exploitation.

The three bugs are worse together than apart. CVE-2026-34908 is an improper-access-control flaw (CWE-284) that lets "a malicious actor with access to the network make unauthorized changes to the system." CVE-2026-34909 is a path-traversal bug (CWE-22) that exposes files "that could be manipulated to access an underlying account." CVE-2026-34910 is a command-injection flaw (CWE-20). Each carries the same AV:N/AC:L/PR:N/UI:N profile: reachable over the network, no privileges, no user interaction.

Chained, they form an unauthenticated remote-code-execution path. The in-the-wild analysis shows attackers sending a single HTTP request that uses encoded path traversal to bypass authentication, then injects shell metacharacters into a package-name parameter to run commands. The payload is a Mirai/Gafgyt-derived IoT bot the analysis tracks as "azsxd" v2.0 — a 67 KB statically linked binary. The affected builds are UniFi OS 5.0.6 and earlier; the fix is 5.0.8.

This is the exact profile BOD 26-04 — the risk-based KEV directive we covered last week — flags for the shortest response: internet-exposable, on KEV, automatable, and granting total control. Every KEV addition this week landed on that three-day floor — UniFi (June 23, due June 26), the Lantronix device-server bug below (June 23, due June 26), and Splunk (June 18, due June 21). The directive binds only federal agencies, but the tiering is a clean filter for your own queue, and this week it points straight at the edge of your clients' networks.

UniFi is the reason this matters more than a typical appliance CVE. The affected consoles — Dream Machines, Cloud Gateways, network video recorders, and the self-hosted UniFi OS Server — sit at the perimeter of small-business networks, and many are reachable for remote administration. A maxed-out, unauthenticated RCE on that device class, with public exploitation and a botnet payload, is a fast route from one exposed console to a foothold inside the LAN behind it.

What to do this week:

  1. Inventory and update every console. Find every UniFi device you manage — UDM, UDM-Pro, UDM-SE, UDR, UNVR, UCG, and self-hosted UniFi OS Server — and apply the UniFi OS update from Bulletin 064. The in-the-wild writeup cites 5.0.8 as the fixed build; confirm the version against the bulletin for your specific model.
  2. Get the management interface off the public internet. The attack needs network access to the UniFi OS web interface. If you expose console management for remote work, move it behind Ubiquiti's remote-access path or a VPN instead of a port-forward.
  3. Assume compromise on anything exposed and unpatched. With a maximum CVSS, public exploit traffic, and a botnet payload, an internet-reachable console still on 5.0.6 or earlier should be treated as already hit. Patch it, then check for the bot binary and unexpected outbound connections before you call it clean.

Advisories

Splunk Enterprise: an unauthenticated file-write bug, exploited, in a sidecar you may not know is running

If you run Splunk Enterprise on-prem, CVE-2026-20253 (CVSS 9.8) lets "an unauthenticated user create or truncate arbitrary files through a PostgreSQL sidecar service endpoint" — an endpoint that ships without authentication controls. Splunk's advisory records "limited exploitation" in June 2026; CISA added it to the KEV catalog on June 18, due June 21. Affected versions are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6; 9.4 and earlier are not affected.

Action: upgrade to 10.2.4, 10.0.7, or 10.4.0. If you cannot patch immediately, disable the sidecar with [postgres] disabled = true in your server config — but that breaks Edge Processor, OpAmp, and SPL2 pipelines, so confirm you do not depend on them before you flip it. Splunk advisory.

Lantronix EDS5000 device servers take an unauthenticated root command injection

For shops running Lantronix EDS5000 serial-to-Ethernet device servers — common in OT, building automation, and remote-console setups — CVE-2025-67038 (CVSS 9.8, CWE-94) landed on KEV on June 23, due June 26. Per NVD, the HTTP RPC module "executes a shell command to write logs when user's authantication fails," concatenating the username into that command "without any sanitization," so injected commands "are executed with root privileges." A failed login is the trigger — no valid credentials needed.

Action: apply the latest EDS5000 firmware and keep these device servers off any internet-facing segment. Serial device servers are easy to leave out of a patch cycle, so check whether any client still runs one before assuming this does not apply. KEV catalog.

Product changes

Intune now enforces Multi Admin Approval on automated Graph API calls

The week of June 22, Intune extended Multi Admin Approval (MAA) to "API calls made by automation through the Microsoft Graph API, not just interactive admin actions," per the Intune What's new page. Calls that lack the required approval headers now fail with HTTP 403.

Action: if you drive Intune through scripts, a PSA/RMM connector, or any Graph automation, audit those flows against your MAA-protected policies now. An unattended job that suddenly returns 403 is the failure mode here, and it will surface as a broken deployment before it surfaces as an alert. Release notes.

Intune requires HTTPS for managed Win32 app content delivery

Also GA the week of June 15: Intune "now requires HTTPS delivery for managed Win32 app content." Clients that previously pulled content through Microsoft Connected Cache will "bypass the cache nodes and fall back to the content delivery network (CDN)" when HTTPS is not configured.

Action: if you run Connected Cache to save bandwidth at client sites, confirm the cache nodes serve over HTTPS. Otherwise large Win32 deployments quietly route around the cache and pull from the CDN across the WAN — the apps still install, but the bandwidth savings disappear without a clear error. Release notes.

Intune moves Android personally-owned work profiles to the Android Management API

Intune is migrating Android Enterprise personally-owned work profile devices to the Android Management API, with "web based enrollment for an improved enrollment flow," per the June 15 notes.

Action: if you enroll BYOD Android under work profile, expect the enrollment experience to change. Pilot the new web-based flow on a test device before clients walk their users through it, so your onboarding docs match what they see. Release notes.

Defender for Endpoint can now discover and sandbox local AI agents on Windows

Defender XDR's June updates add two previews aimed at AI agents on managed Windows endpoints. Discovery surfaces "coding agents and IDE extensions, desktop AI assistants, local AI runtimes, and agent platforms" as assets in inventory and advanced hunting. Runtime protection "inspects the agent loop (user prompts, tool calls, and tool responses) and can block risky activity before it executes, helping stop prompt injection and unsafe agent actions at the device level," per the Defender XDR What's new page.

Action: if developer or analyst workstations run local AI agents, turn on discovery first to see what is actually installed before you write blocking policy. The inventory view is the part you can act on today; runtime blocking is worth piloting on a small group. What's new.

Defender entity pages get an inline threat-intelligence tab

A second June preview adds a Threat Intelligence Insights tab to entity pages for IPs, domains, URLs, and files, surfacing "reputation scores, attributed threat reports, infrastructure relationships, and sandbox analysis" without leaving the investigation, per the Defender XDR notes.

Action: for SOC analysts, this folds a manual TI-lookup step into the entity page. Check it on your next IP or domain pivot — if the enrichment is populated for your tenant, it saves a tab-switch mid-investigation. What's new.

Compliance

Intune adds an audit-only Windows 11 STIG benchmark

For anyone supporting DoD or federal-adjacent clients, the June 15 Intune release adds a Windows 11 STIG SCAP Benchmark audit baseline (GA) that "assesses Windows devices against the recommended configurations" and "generates detailed audit reports without changing any configured settings." It requires "Advanced Analytics licensing."

Action: if you owe a client a STIG posture report, this gives you a read-only assessment without an enforcing baseline that could break their fleet. Budget for the Advanced Analytics license first — the audit baseline is gated behind it. Release notes.

Field notes

A North Korean actor poisoned 140+ npm packages in the Mastra ecosystem

Microsoft reported on June 17 that Sapphire Sleet, "a North Korean state actor that has been active since at least March 2020," compromised "over 140 packages across the mastra and @mastra scopes" by taking over a maintainer account. The injected dependency — a typosquat named easy-day-js, mimicking dayjs — ran a postinstall dropper that "disabled Transport Layer Security (TLS) certificate verification, contacted attacker-controlled command-and-control (C2) infrastructure, downloaded a second-stage payload, and executed the payload as a detached hidden process."

Action: Microsoft's guidance is to "pin known-good package versions" and run npm install --ignore-scripts to block postinstall hooks during dependency installs. If you build on Mastra, rotate credentials and check for the indicator files $TMPDIR/.pkg_history and $TMPDIR/.pkg_logs. Microsoft analysis.

When one incident is actually two unrelated attackers

Microsoft's DART team described an investigation where "two unrelated threat actors operating simultaneously" inside one environment masked each other's activity and complicated detection.

Action: the operational takeaway for responders is to not stop at the first root cause. Overlapping techniques from a second actor can read as noise from the first, so confirm each artifact maps to one intrusion before you close the case. DART writeup.

Don't miss what's next. Subscribe to ENKVA:
← Newer ENKVA #012 — SimpleHelp RMM auth bypass hits KEV, exploited against support tools Older → ENKVA #010 — CISA's BOD 26-04 rewrites the KEV patch clock

Add a comment:

You're not signed in. Posting this comment will subscribe you to this newsletter with the email address you enter below.
Powered by Buttondown, the easiest way to start and grow your newsletter.