Ubiquiti Patches Seven Critical Vulnerabilities Across UniFi Product Line

Ubiquiti released patches for seven critical flaws across its UniFi product line, including a command injection vulnerability rated CVSS 10.0.

CSBadmin
2 Min Read

Vulnerabilities and Affected Products

Ubiquiti has released security updates addressing seven critical vulnerabilities across multiple UniFi applications and the UniFi operating system. The flaws affect UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS, with severity scores ranging from 9.0 to 10.0. The most severe vulnerability, CVE-2026-50746 with a CVSS score of 10.0, involves improper access control in the UniFi Connect Application that could allow command injection.

Other critical issues include authenticated SQL injection vulnerabilities in UniFi Talk (CVE-2026-50747), command injection flaws in UniFi Access (CVE-2026-50748), and a Server-Side Request Forgery vulnerability in UniFi Protect (CVE-2026-55115). The UniFi OS itself contains two critical flaws: a command injection vulnerability (CVE-2026-54402) and an improper access control issue (CVE-2026-55116) that could allow unauthorized device changes.

Remediation and Broader Context

Ubiquiti has released fixed versions for all affected products, and users are strongly advised to update immediately. While there is no evidence these specific flaws have been exploited in the wild, the company notes that three other UniFi OS vulnerabilities were recently flagged by CISA as being actively weaponized by attackers. Additionally, Russian state-sponsored threat actors have previously targeted compromised Ubiquiti Edge OS routers as part of a botnet operation.

Source: The Hacker News

CSBadmin

The latest in cybersecurity news and updates.

TAGGED:
Share This Article
Follow:
The latest in cybersecurity news and updates.