Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Ubiquiti warns of new max severity UniFi OS vulnerability

0
Critical
Exploit
Published: 07/08/2026 (07/08/2026, 08:15:20 UTC)
Source: Bleeping Computer

Description

Ubiquiti has released security updates addressing seven critical vulnerabilities in UniFi OS, including a maximum-severity command injection flaw (CVE-2026-50746) in the UniFi Connect Application. This vulnerability allows a malicious actor with network access to execute commands on the host device due to improper access control. Additional critical vulnerabilities affect UniFi Talk, UniFi Access, UniFi Protect applications, UniFi OS Server, and various Ubiquiti routers and devices. Ubiquiti advises updating UniFi Connect to version 3.4.20 or later to mitigate the command injection risk. No confirmed exploitation in the wild has been reported yet. The vulnerabilities can be exploited with low complexity and without user interaction, increasing their risk. The affected software is widely deployed, with many instances exposed online, particularly in the United States.

Affected software

Affected versions
<=3.4.16

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/08/2026, 08:28:33 UTC

Technical Analysis

Ubiquiti disclosed seven critical vulnerabilities in UniFi OS products, including CVE-2026-50746, a maximum-severity command injection vulnerability in UniFi Connect Application versions 3.4.16 and earlier. This flaw arises from improper access control, enabling attackers with network access to execute arbitrary commands on the host. Ubiquiti patched this by releasing UniFi Connect version 3.4.20. Additional critical vulnerabilities (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) affect other UniFi OS components and devices. These vulnerabilities can be exploited with low complexity and do not require user interaction. While no active exploitation has been confirmed, the widespread exposure of UniFi OS instances online, especially in the US, raises concern. Ubiquiti recommends immediate patching to secure affected systems.

Potential Impact

Successful exploitation of CVE-2026-50746 allows an attacker with network access to execute arbitrary commands on the host device, potentially leading to full system compromise. The other six critical vulnerabilities similarly pose significant risks across UniFi OS applications and devices. The low complexity of exploitation and lack of required user interaction increase the likelihood and ease of attacks. Compromised devices could be used for malicious purposes such as botnets or espionage. The widespread exposure of vulnerable UniFi OS instances online amplifies the potential impact.

Mitigation Recommendations

Ubiquiti has released official patches addressing these vulnerabilities. Users must update the UniFi Connect Application to version 3.4.20 or later to remediate the command injection vulnerability (CVE-2026-50746). Additionally, patches are available for UniFi Talk, UniFi Access, UniFi Protect applications, UniFi OS Server, and other affected devices. Applying these updates promptly is the recommended mitigation. There is no indication that these vulnerabilities are already mitigated or require no action. Organizations should verify that all UniFi OS instances are updated to the fixed versions to prevent exploitation.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Threat ID: 6a4e0a26c9d9e3dbe3c1599b

Added to database: 07/08/2026, 08:28:22 UTC

Last enriched: 07/08/2026, 08:28:33 UTC

Last updated: 07/08/2026, 10:20:42 UTC

Views: 50

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses