Ubiquiti patches seven critical UniFi OS flaws, including max-severity bug
Ubiquiti has issued security updates for seven critical vulnerabilities affecting UniFi OS and related applications. The most serious issue, tracked as CVE-2026-50746, carries a maximum severity ratin...
Ubiquiti has issued security updates for seven critical vulnerabilities affecting UniFi OS and related applications. The most serious issue, tracked as CVE-2026-50746, carries a maximum severity rating and could allow command injection on impacted systems.
According to Ubiquiti, CVE-2026-50746 affects UniFi Connect Application version 3.4.16 and earlier. The flaw stems from an improper access control issue that could let a malicious actor with network access run commands on the host device. Ubiquiti says users should upgrade UniFi Connect to version 3.4.20 or later to reduce the risk of exploitation.
Additional critical flaws patched
In the same advisory, Ubiquiti addressed six more critical-severity vulnerabilities, identified as CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, and CVE-2026-55116. The issues span UniFi Talk, UniFi Access, UniFi Protect, the UniFi OS Server, and a broad set of Ubiquiti hardware, including routers, gateways, NAS devices, and surveillance products.
- The company has not said whether any of the flaws were actively exploited before patching.
- Six of the seven vulnerabilities are described as low-complexity attacks that do not require user interaction.
- Administrators are being urged to apply updates as soon as possible.
Ubiquiti products have been frequent targets for threat actors in the past, including state-linked groups and cybercrime operations that have abused compromised devices for proxying malicious traffic. In recent years, security agencies have also warned that internet-facing Ubiquiti systems can be attractive targets when critical flaws remain unpatched.
Threat intelligence data from Censys suggests that more than 100,000 UniFi OS instances are exposed online, with nearly 50,000 located in the United States. However, those figures may not reflect the current state of exposure, since scanning datasets can include historical results and may also capture honeypots or already secured systems.
Given the severity of the newly fixed issues, security teams running UniFi deployments should review their versions and verify that affected components have been updated across all managed environments.
