Three Ubiquiti UniFi OS vulnerabilities covering access control bypass (CVE-2026-34908), path traversal (CVE-2026-34909), and input validation failure (CVE-2026-34910) were added to the CISA KEV catalog on June 23, 2026, confirming active exploitation. The simultaneous addition of three CVEs for the same platform is an unusual pattern suggesting either an active campaign or coordinated research disclosure. Organizations using UniFi OS controllers, which manage network infrastructure including switches, access points, and gateways, face unauthorized network access and lateral movement risk.