A critical security flaw in Ubiquiti's UniFi OS server enables attackers to gain root access without authentication by exploiting three vulnerabilities: CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. These flaws, which have been patched in version 5.0.8, allow unauthorized access and command execution on affected systems. Bishop Fox researchers demonstrated that attackers can bypass authentication by manipulating request URIs, ultimately executing arbitrary commands through a command injection vulnerability. The injected commands can escalate privileges due to the service account's passwordless sudo access. Bishop Fox has released a detection script to help organizations identify vulnerable instances, although it does not detect active attacks or previous exploitations. Security teams are advised to monitor specific requests and ensure that systems are updated to the latest version to mitigate risks. The ease of exploitation highlights the importance of maintaining security protocols in network management systems, as these vulnerabilities can lead to significant control over organizational networks.