Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has issued patches for multiple critical security vulnerabilities discovered across its UniFi ecosystem. The affected products include UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. These vulnerabilities pose significant risks, potentially enabling attackers to gain elevated privileges or execute arbitrary commands on vulnerable systems.
The vulnerabilities identified include CVE-2026-50746, a critical flaw in UniFi Connect Application (CVSS 10.0) that allows for command injection. In UniFi Talk Application, CVE-2026-50747 (CVSS 9.9) presents authenticated SQL injection risks leading to privilege escalation.
UniFi Access Application is affected by two vulnerabilities: CVE-2026-50748 (CVSS 9.9) for command injection and CVE-2026-54400 (CVSS 9.1) for privilege escalation, both stemming from improper access control or input validation.
Furthermore, UniFi Protect Application has a Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-55115 (CVSS 9.9), which can be exploited by low-privileged attackers to escalate their privileges.
UniFi OS itself is not immune, with CVE-2026-54402 (CVSS 9.9) allowing for command injection and CVE-2026-55116 (CVSS 9.0) enabling unauthorized changes to device configurations, both due to improper input validation and access control issues.
While there is currently no indication that these newly patched vulnerabilities have been actively exploited in the wild, Ubiquiti's products have been targeted previously. Notably, three other vulnerabilities in UniFi OS were recently identified by CISA as being weaponized in real-world attacks.
Additionally, Russian state-sponsored threat actors were previously observed using compromised Ubiquiti Edge OS routers as part of a botnet known as MooBot, which was disrupted by law enforcement in February 2024. This history underscores the importance of timely patching for Ubiquiti devices.





