CVE-2026-34910 is an unauthenticated OS command injection flaw in Ubiquiti UniFi OS Server carrying a CVSS of 9.8 and confirmed active exploitation in both the CISA KEV and VulnCheck KEV catalogs. Any UniFi OS device with its management interface reachable from an untrusted network is at immediate risk of full device compromise. This vulnerability is the only KEV-confirmed item in this week’s rollup outside the Fortinet cluster and requires same-priority treatment.