CVE Tools
Back to feed
BleepingComputer ·EN-US News source AdvisoryUniFi Connect ApplicationUniFi TalkUniFi Access

Ubiquiti warns of new max severity UniFi OS vulnerability

By Sergiu Gatlan··2 min read
CVE Tools coverage

Ubiquiti has released security updates to address seven critical vulnerabilities across UniFi OS, including a maximum-severity command injection issue tracked as CVE-2026-50746. The flaw affects UniFi Connect Application (versions 3.4.16 and earlier) and could allow an attacker with network access to inject commands and compromise the host device. In addition, Ubiquiti patched six other critical-severity issues (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) affecting UniFi Talk, UniFi Access, UniFi Protect, the UniFi OS Server, and a range of Ubiquiti routers, gateways, NAS, and surveillance systems. With many UniFi OS instances exposed online, timely upgrades matter to reduce the risk of automated compromise.