Bishop Fox disclosed a three-vulnerability chain in Ubiquiti UniFi OS Server enabling unauthenticated remote code execution with root privileges. The chain carries a CVSS of 9.8 and requires no credentials to exploit, making any internet-exposed UniFi management interface a critical exposure. Ubiquiti has released patches; specific CVE identifiers and affected version ranges are pending official Ubiquiti advisory publication, which should be monitored at ui.com/security-advisories.