Tag

Unifi Os

All articles tagged with #unifi os

Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk
security2 days ago

Ubiquiti patches seven UniFi OS flaws, including a critical UniFi Connect command-injection risk

Ubiquiti released security updates to fix seven critical UniFi OS vulnerabilities, including CVE-2026-50746 in the UniFi Connect App that could allow command injection; users should upgrade the UniFi Connect app to version 3.4.20+ and apply patches across UniFi Talk, UniFi Access, UniFi Protect, and the UniFi OS Server. The company notes several flaws can be exploited in low-complexity attacks with no user interaction. Threats note that more than 100,000 UniFi OS instances are exposed online (per Censys), though it isn’t clear how many are patched, honeypots, or otherwise secured. The report also references past CISA/FBI warnings and demonstrations of exploitation techniques in related Ubiquiti products.

Ubiquiti issues patches for three high-severity UniFi OS flaws exploitable remotely
security1 month ago

Ubiquiti issues patches for three high-severity UniFi OS flaws exploitable remotely

Ubiquiti released patches for three max-severity UniFi OS vulnerabilities (CVE-2026-34908/34909/34910) that allow remote attackers to change targeted systems, access underlying files, or inject commands, plus earlier patches for CVE-2026-33000 and CVE-2026-34911. The flaws can be exploited with low complexity on UniFi OS devices. Threat intel tracks nearly 100,000 internet-exposed UniFi OS endpoints (many in the U.S.); there’s no public confirmation of exploitation yet. The fixes were disclosed via HackerOne.