PatchDay Alert
Daily Digest · 2 min read · 5 CVEs · Issue 23 · By PatchDay Alert

UniFi OS scores a perfect 10.0 RCE, ConnectWise Automate agents can't verify their own updates

Unauthenticated command injection on UniFi OS devices, a supply-chain plugin verification bypass in ConnectWise Automate (CVSS 8.8), a privilege escalation in LiteLLM, and RCE in three ManageEngine products.

Patch now: 3 · Within 24h: 1 · This week: 1 · Exploited: 0

Tags: Azure Linux, Linux Kernel, Linux, Cloud, ManageEngine ADSelfService Plus, ManageEngine DataSecurity Plus, ManageEngine RecoveryManager Plus, Windows, LiteLLM, ConnectWise Automate, Ubiquiti UniFi OS, Network Appliance

Drop what you're doing if you run UniFi gear. CVE-2026-34910 is a perfect 10.0: unauthenticated command injection on any network-reachable UniFi OS device. Nobody's reported exploitation in the wild yet, but the attack requires zero credentials and zero user interaction, so that window won't stay open long. Four more high-severity bugs round out the day, including a ConnectWise Automate supply-chain risk that MSPs need to look at fast.


Today's CVEs

Sorted by urgency

02 · CVE-2026-2740
NVD CVSS 8.4 · Patch within 24h · HIGH
Tags: ManageEngine ADSelfService Plus, ManageEngine DataSecurity Plus, ManageEngine RecoveryManager Plus, Windows

An authenticated user on a ManageEngine agent machine can get remote code execution through a vulnerable third-party dependency in ADSelfService Plus, DataSecurity Plus, or RecoveryManager Plus. The attacker needs valid credentials, but once authenticated, they can run arbitrary code on the agent. CVSS 8.4, no known exploitation yet.

Included because
authenticated RCE; agents deployed broadly; common enterprise product
Affected estate
ManageEngine ADSelfService Plus < 6525, DataSecurity Plus < 6264, RecoveryManager Plus < 6313, plus their deployed agents.
How to check
Log into each ManageEngine console and check the build number under Settings > Product Info. Also inventory agent versions on endpoints.
Action
Upgrade each product to the fixed build from ManageEngine's download center and push updated agents.
Urgency
Patch within 24 hours
Why it matters
Any authenticated user can execute arbitrary code on agent machines, which are typically deployed across your entire fleet.
Source
Zohocorp ManageEngine advisory


03 · CVE-2026-47102
NVD CVSS 8.8 · Patch now · HIGH
Tags: LiteLLM, Linux, Cloud

LiteLLM before 1.83.10 lets any authenticated user promote themselves to proxy_admin by calling the /user/update endpoint with a modified user_role field. Once promoted, they have full admin access to every user, API key, model config, and prompt history in the platform. Users with the org_admin role can do this without any extra exploit chain.

Included because
trivial privilege escalation; no special conditions; exposes sensitive data and keys
Affected estate
LiteLLM proxy instances running versions prior to 1.83.10.
How to check
Check your LiteLLM version with `litellm --version` or inspect your container image tag. Review the user table for unexpected proxy_admin entries.
Action
Upgrade to LiteLLM 1.83.10+ and audit all user roles for signs of privilege escalation.
Urgency
Patch immediately
Why it matters
A low-privilege user can silently become a full admin, exposing all API keys, model configs, and prompt history across your entire LiteLLM deployment.
Source
LiteLLM GitHub advisory

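Two of the checks above can be scripted. The following is an added example, not code from LiteLLM or from this digest: it compares a reported version against the 1.83.10 fix (numeric compare, since a string compare ranks "1.9.0" above "1.83.10") and scans proxy request logs for /user/update calls in which a caller who is not already proxy_admin requests the proxy_admin role. The JSON-lines log format and field names (ts, actor, actor_role, path, body) are assumed; LiteLLM's own audit log layout is not on the page.

```python
"""Added example (not LiteLLM's code): version gate for the CVE-2026-47102
fix plus detection of proxy_admin self-promotion via /user/update.
The log line layout below is a constructed, hypothetical format."""
import json
import re

FIXED_VERSION = (1, 83, 10)  # first release carrying the fix, per the digest


def parse_version(text):
    """Turn '1.83.9' or 'v1.83.9' into a comparable integer tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_text):
    """True when the proxy runs a build older than 1.83.10."""
    return parse_version(version_text) < FIXED_VERSION


def find_role_escalations(log_lines):
    """Return (actor, actor_role) for every /user/update request in which a
    caller who is not proxy_admin asks for user_role=proxy_admin. A legitimate
    promotion performed by an existing proxy_admin is not reported."""
    findings = []
    for raw in log_lines:
        raw = raw.strip()
        if not raw:
            continue
        entry = json.loads(raw)
        if entry.get("path") != "/user/update":
            continue
        requested = (entry.get("body") or {}).get("user_role")
        if requested == "proxy_admin" and entry.get("actor_role") != "proxy_admin":
            findings.append((entry["actor"], entry["actor_role"]))
    return findings


# Constructed sample log lines (hypothetical format, not real traffic):
# an admin demoting a user, an org_admin promoting themselves, and noise.
SAMPLE_LOG = """
{"ts":"2026-04-01T08:00:01Z","actor":"alice","actor_role":"proxy_admin","path":"/user/update","body":{"user_id":"bob","user_role":"org_admin"}}
{"ts":"2026-04-01T08:02:15Z","actor":"carol","actor_role":"org_admin","path":"/user/update","body":{"user_id":"carol","user_role":"proxy_admin"}}
{"ts":"2026-04-01T08:03:00Z","actor":"dave","actor_role":"org_admin","path":"/chat/completions","body":{"model":"example-model"}}
""".splitlines()

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("1.83.9"), is_vulnerable("v1.83.10"))
    print("suspicious promotions:", find_role_escalations(SAMPLE_LOG))
```

Feed the real proxy logs into find_role_escalations after mapping your log fields onto the assumed names, and treat every hit as a role to re-verify in the user table.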

04 · CVE-2026-9089
NVD CVSS 8.8 · Patch now · HIGH
Tags: ConnectWise Automate, Windows

The ConnectWise Automate agent doesn't fully verify that plugins and self-update payloads are authentic. An attacker with network access (for example, through a man-in-the-middle position or compromised update source) could swap in a malicious component. Since Automate agents run with SYSTEM privileges on managed endpoints, this is a serious supply-chain risk. CVSS 8.8, no known exploitation yet.

Included because
supply-chain vector; agents run as SYSTEM; widely deployed by MSPs; high CVSS
Affected estate
All ConnectWise Automate agents deployed from servers running versions prior to 2026.5.
How to check
In the Automate Control Center, check Help > About for the server version. On endpoints, check the Automate agent version in Add/Remove Programs or via the agent tray icon.
Action
Upgrade the Automate server to 2026.5 and confirm all agents pull the updated version.
Urgency
Patch immediately
Why it matters
Automate agents run as SYSTEM on every managed machine. A forged update could give an attacker code execution across your entire managed fleet.
Source
ConnectWise advisory


05 · CVE-2026-34910
NVD CVSS 10.0 · Patch now · CRITICAL
Tags: Ubiquiti UniFi OS, Network Appliance

This is as bad as it gets. A network-reachable attacker can exploit an input validation failure on UniFi OS devices to inject and execute arbitrary commands, no authentication required. CVSS 10.0. If your UniFi gear is internet-facing or reachable from an untrusted network, treat this as an emergency.

Included because
unauthenticated; network-reachable; CVSS 10.0; common network infrastructure; command injection
Affected estate
All UniFi OS-based devices: UDM, UDM-Pro, UDM-SE, UDR, UCG, UNVR, and similar consoles.
How to check
Log into each UniFi console's Settings > System and check the UniFi OS version. Also run a network scan to identify any UniFi devices exposed on public IPs.
Action
Apply the latest UniFi OS firmware immediately. If you can't patch right now, firewall off management interfaces from untrusted networks.
Urgency
Patch immediately
Why it matters
Unauthenticated command injection at the OS level on your network gateway means full device takeover and potential pivot into your entire network.
Source
Ubiquiti security advisory
