Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk

1 min read
Source: BleepingComputer
Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk
Photo: BleepingComputer
TL;DR Summary

Ubiquiti released security updates to fix seven critical UniFi OS vulnerabilities, including CVE-2026-50746 in the UniFi Connect App that could allow command injection; users should upgrade the UniFi Connect app to version 3.4.20+ and apply patches across UniFi Talk, UniFi Access, UniFi Protect, and the UniFi OS Server. The company notes several flaws can be exploited in low-complexity attacks with no user interaction. Threats note that more than 100,000 UniFi OS instances are exposed online (per Censys), though it isn’t clear how many are patched, honeypots, or otherwise secured. The report also references past CISA/FBI warnings and demonstrations of exploitation techniques in related Ubiquiti products.

Share this article

Reading Insights

Total Reads

1

Unique Readers

7

Time Saved

3 min

vs 4 min read

Condensed

86%

725105 words

Want the full story? Read the original article

Read on BleepingComputer