A three-CVE remote code execution chain (CVE-2026-34908/34909/34910, CVSS 9.5) in Ubiquiti UniFi OS is confirmed under active KEV-listed exploitation, with BishopFox providing a public safe-detection tool and documented unauthenticated root RCE. A fourth CVE (CVE-2026-47368) describes an information disclosure via path traversal in the same platform. UniFi OS controllers are the management plane for Ubiquiti’s widely deployed networking product lines in enterprise, SMB, and healthcare environments, making compromise of these devices a network-wide control-plane failure.