
Ubiquiti rolls out fixes for critical UniFi vulnerabilities across core apps
Ubiquiti released patches across UniFi Connect, Talk, Access, Protect, and UniFi OS to fix several critical flaws that could allow privilege escalation or remote command execution. The updates address multiple CVEs (e.g., CVE-2026-50746 for Connect; CVE-2026-50747 for Talk; CVE-2026-50748 and CVE-2026-54400 for Access; CVE-2026-55115 for Protect; CVE-2026-54402 and CVE-2026-55116 for OS) with fixed versions listed for each product. While there’s no confirmed exploitation in the wild, the U.S. CISA has flagged some UniFi OS flaws as weaponized, and historical activity like the MooBot botnet operation involved compromised Edge OS routers. Admins should upgrade to the patched releases to mitigate risk.












