Ubiquiti Addresses Multiple Critical Vulnerabilities in UniFi Products
Ubiquiti has released critical security patches for multiple UniFi applications, including Connect, Talk, Access, Protect, and OS, addressing vulnerabilities such as command injection, SQL injection, and privilege escalation. Some of these flaws were previously exploited in real-world attacks by threat actors, including Russian state-sponsored groups.
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
The list of vulnerabilities is as follows -
CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attacker
*** END OF TRANSMISSION ***