Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has released security updates to address seven critical vulnerabilities across UniFi OS, including a maximum-severity command injection issue tracked as CVE-2026-50746. The flaw affects UniFi Connect Application (versions 3.4.16 and earlier) and could allow an attacker with network access to inject commands and compromise the host device. In addition, Ubiquiti patched six other critical-severity issues (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) affecting UniFi Talk, UniFi Access, UniFi Protect, the UniFi OS Server, and a range of Ubiquiti routers, gateways, NAS, and surveillance systems. With many UniFi OS instances exposed online, timely upgrades matter to reduce the risk of automated compromise.