CISA has confirmed active exploitation of four critical flaws in Ubiquiti UniFi OS and Lantronix EDS5000 devices, adding them to its Known Exploited Vulnerabilities catalog with a June 26 deadline for federal agencies. Three UniFi OS bugs (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910), each rated 10.0, can be chained for unauthenticated remote code execution and root; attackers were seen creating rogue admin accounts. The Lantronix flaw (CVE-2025-67038) is an unauthenticated root command injection in the EDS5000 serial console server. Ubiquiti patched UniFi OS Server in version 5.0.8, and Lantronix in firmware 2.2.0.0R1. Compromised network appliances let attackers pivot deep into internal networks.
Forescout Vedere Labs disclosed BRIDGE:BREAK, a set of 22 new vulnerabilities in serial-to-IP converters from Lantronix and Silex that together expose roughly 20,000 devices visible on the open internet. Serial-to-IP converters bridge legacy serial-port equipment (older industrial PLCs, building-automation controllers, medical devices, laboratory instruments) to modern TCP/IP networks, so attackers compromising them can read and tamper with the raw serial traffic flowing to field equipment. Eight flaws affect Lantronix EDS3000PS and EDS5000 series; fourteen affect Silex SD330-AC. The categories span unauthenticated remote code execution (CVE-2026-32955, CVE-2026-32956, CVE-2026-32961, CVE-2025-67034 through 67038, CVE-2025-67041), authentication bypass (CVE-2026-32960, CVE-2025-67039), full device takeover (CVE-2026-32965, CVE-2025-70082, plus FSCT-2025-0021 with no CVE assigned), firmware tampering (CVE-2026-32958), arbitrary file upload (CVE-2026-32957), and information disclosure (CVE-2026-32959). The researchers describe a realistic kill chain where an attacker first pops an internet-facing edge device like an industrial router, then pivots through a compromised serial-to-IP converter to silently alter sensor readings or actuator commands flowing to field assets - data-integrity attacks that are invisible to most OT monitoring. Both vendors have released firmware updates.