Ubiquiti Addresses Critical Security Vulnerabilities in UniFi Connect, Talk, Access, Protect, and OS
Ubiquiti has released critical security patches for multiple UniFi products, addressing high-severity vulnerabilities including command injection, SQL injection, and privilege escalation across Connect, Talk, Access, Protect, and OS. Several flaws were noted as having been weaponized in real-world attacks by state-sponsored actors, underscoring the urgency of the updates.
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
The list of vulnerabilities is as follows -
CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attacker
*** END OF TRANSMISSION ***