Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk

Ubiquiti released security updates to fix seven critical UniFi OS vulnerabilities, including CVE-2026-50746 in the UniFi Connect App that could allow command injection; users should upgrade the UniFi Connect app to version 3.4.20+ and apply patches across UniFi Talk, UniFi Access, UniFi Protect, and the UniFi OS Server. The company notes several flaws can be exploited in low-complexity attacks with no user interaction. Threats note that more than 100,000 UniFi OS instances are exposed online (per Censys), though it isn’t clear how many are patched, honeypots, or otherwise secured. The report also references past CISA/FBI warnings and demonstrations of exploitation techniques in related Ubiquiti products.
- Ubiquiti warns of new max severity UniFi OS vulnerability BleepingComputer
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS The Hacker News
- Ubiquiti Disclosed 25 Security Vulnerabilities Across the UniFi Ecosystem CyberSecurityNews
- UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover Tech Times
- Ubiquiti Fixes CVE-2026-50746 in UniFi Connect SOCRadar® Cyber Intelligence Inc.
Reading Insights
1
7
3 min
vs 4 min read
86%
725 → 105 words
Want the full story? Read the original article
Read on BleepingComputer