Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation

Ubiquiti patched seven UniFi OS flaws, including critical CVE-2026-50746, which allows command injection in UniFi Connect Application.

Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks.

The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used to manage commercial building systems such as smart lighting and EV chargers. Organizations using affected versions should update promptly to reduce compromise risks.

“A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.” reads the advisory.

The vendor also addressed thcritical vulnerabilities:

  • CVE-2026-50747 (CVSS score of 9.9): The vulnerability affects UniFi Talk Application and consists of authenticated SQL injection flaws. A low-privileged attacker with network access can exploit the issue to escalate privileges and gain greater control over the host device.
  • CVE-2026-50748 (CVSS score of 9.9): The vulnerability affects UniFi Access Application and is caused by improper input validation. A low-privileged attacker with network access can exploit the flaw to execute commands on the host device.
  • CVE-2026-54400 (CVSS score of 9.1): The vulnerability affects UniFi Access Application and is caused by improper access control. A high-privileged attacker can exploit it to escalate privileges on the affected host device.
  • CVE-2026-54402 (CVSS score of 9.9): The vulnerability affects multiple UniFi OS devices and allows a low-privileged attacker with network access to exploit an SSRF vulnerability, potentially leading to privilege escalation within UniFi OS environments.
  • CVE-2026-55115 (CVSS score of 9.9): The vulnerability affects UniFi OS/UniFi Protect environments and is related to a CORS misconfiguration. An attacker can abuse a victim’s authenticated session to perform unauthorized actions.
  • CVE-2026-55116 (CVSS score of 9.0): The vulnerability affects certain UniFi OS devices and allows unauthorized changes through an improper access control issue under specific network conditions.

Ubiquiti recommends updating affected products to the fixed versions listed in Security Advisory Bulletin 066.

Ubiquiti has not confirmed whether any of the vulnerabilities were exploited in attacks in the wild.

In June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following Ubiquiti UniFi OS issues to its Known Exploited Vulnerabilities (KEV) catalog.

  • CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability
  • CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability
  • CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter