Three chained CVEs across Ubiquiti UniFi OS — path traversal, improper access control, and improper input validation — combine to achieve unauthenticated root-level RCE on widely deployed enterprise network infrastructure. CISA added all three to the KEV catalog on June 24, 2026, confirming active exploitation with a 48-hour remediation deadline for FCEB agencies. UniFi OS devices are pervasive in SMB and distributed enterprise environments and typically managed through a centralized UniFi Network Controller, meaning a single compromised device can expose an entire site’s network infrastructure.