Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
The list of vulnerabilities is as follows –
- CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
- CVE-2026-50747 (CVSS score: 9.9) – A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
- CVE-2026-50748 (CVSS score: 9.9) – An improper input validation vulnerability in UniFi Access Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
- CVE-2026-54400 (CVSS score: 9.1) – An improper access control vulnerability in UniFi Access Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
- CVE-2026-55115 (CVSS score: 9.9) – A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device. (Affects 7.1.77 and earlier; fixed in version 7.1.83)
- CVE-2026-54402 (CVSS score: 9.9) – An improper input validation vulnerability in UniFi OS that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
- CVE-2026-55116 (CVSS score: 9.0) – An improper access control vulnerability in UniFi OS that an attacker with access to the network could exploit to make unauthorized changes to certain devices. (Affects versions 5.1.15 and earlier; fixed in version 5.1.19)


Leave a Reply