Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical CVE-2024-XXXXX in GCP Dialogflow Lets Attackers Inject Malicious Code
July 7, 2026
Gentlemen Ransomware Uses Custom EDR/AV Killers to Target Global Industries
July 7, 2026
VECTRA and TeamPCP reverse ransomware kill chain with supply chain credential theft
July 7, 2026
Home/CyberSecurity News/Ubiquiti Discloses 25 UniFi Vulnerabilities, 2 Critical
CyberSecurity News

Ubiquiti Discloses 25 UniFi Vulnerabilities, 2 Critical

Key Takeaways Ubiquiti has revealed 25 new security vulnerabilities impacting its UniFi product line, with two critical flaws scoring 9.9 and 10.0 on the CVSS v3.1 scale. The vulnerabilities affect a...

Sarah simpson
Sarah simpson
July 7, 2026 4 Min Read
3 0

Key Takeaways

  • Ubiquiti has revealed 25 new security vulnerabilities impacting its UniFi product line, with two critical flaws scoring 9.9 and 10.0 on the CVSS v3.1 scale.
  • The vulnerabilities affect a broad range of UniFi products, including UniFi Connect, Talk, Access, Protect, Network Application, and the core UniFi OS platform on UDM, UNVR, and UNAS devices.
  • The most severe vulnerability, CVE-2026-50746, allows unauthenticated command injection via network access.
  • All identified issues have patches available, and administrators are urged to update affected systems immediately.

Ubiquiti has issued Security Advisory Bulletin 066, detailing 25 security vulnerabilities across its UniFi ecosystem. Among these are several critical flaws, rated as high as 10.0 on the CVSS v3.1 scale, which could enable network-based attackers to achieve complete device compromise without authentication.

Table Of Content

  • Key Takeaways
  • Critical Vulnerabilities Detailed
  • High-Severity and Chained Attack Paths
  • Affected Products and Fixed Versions

The extensive advisory covers numerous UniFi product lines, including UniFi Connect, Talk, Access, Protect, and the UniFi Network Application. It also impacts the foundational UniFi OS platform, which underpins UDM, UNVR, and UNAS device families. This disclosure follows a series of critical remote privilege escalation vulnerabilities on the UniFi OS platform that Ubiquiti addressed last month.

Critical Vulnerabilities Detailed

The most severe vulnerability identified is CVE-2026-50746, which has received a perfect CVSS score of 10.0. This flaw, an Improper Access Control issue within the UniFi Connect Application (versions 3.4.16 and earlier), allows any attacker with network adjacency to execute command injection without requiring any form of authentication.

Two other highly critical vulnerabilities, CVE-2026-50747 and CVE-2026-50748, each received a CVSS score of 9.9. CVE-2026-50747 involves an authenticated SQL injection flaw in UniFi Talk, while CVE-2026-50748 describes a command injection vulnerability in UniFi Access. Both of these vulnerabilities could be exploited by low-privileged network users to escalate their access to full control over the affected systems.

Further critical-tier bugs include CVE-2026-54402, another command injection vulnerability in UniFi OS with a 9.9 CVSS score, and CVE-2026-55115, an SSRF-driven privilege escalation flaw in UniFi Protect, also rated 9.9. Rounding out the critical category is CVE-2026-54400, a privilege escalation vulnerability in UniFi Access that scored 9.1 but requires high privileges for exploitation.

Of particular concern is CVE-2026-55116, an Improper Access Control vulnerability rated 9.0. This flaw affects UDM, UDM-Pro, UDM-SE, and other related gateway hardware, potentially allowing unauthorized configuration changes under specific network conditions.

High-Severity and Chained Attack Paths

Several high-severity issues have been identified that could facilitate chained attack paths. CVE-2026-54403, an 8.6-rated path traversal bug in UniFi OS, is explicitly highlighted by Ubiquiti as a potential component in attacks designed to bypass low-privilege access requirements when combined with other vulnerabilities.

Similarly, CVE-2026-54401 (7.7) is an SSRF flaw impacting the UniFi OS Server and the UDM family, which can lead to privilege escalation. Another high-severity issue, CVE-2026-54404 (8.8), leverages authenticated SQL injection for similar privilege escalation outcomes.

The UniFi Protect Application is affected by a cluster of high-impact vulnerabilities. These include two authentication bypass issues, CVE-2026-54407 and CVE-2026-54408, both rated 8.6, which affect API endpoints and data streaming. Additionally, a SQL injection flaw, CVE-2026-56841 (8.8), could allow privilege escalation on the host device running UniFi Protect.

Affected Products and Fixed Versions

Product Vulnerable Version Patched Version
UniFi Connect Application 3.4.16 and earlier 3.4.20+
UniFi Talk Application 5.1.2 and earlier 5.2.2+
UniFi Access Application 4.2.28 and earlier 4.2.29+
UniFi Network Application 10.3.58 and earlier 10.4.57+
UniFi Protect Application 7.1.77 and earlier 7.1.83+
UniFi Protect Floodlight 1.13.4 and earlier 1.13.6+
UniFi OS (UDM/UNVR/UNAS family) 5.1.15–5.1.18 and earlier 5.1.19+

The bulletin credits a diverse group of independent researchers for their contributions. Abdulaziz Almadhi of Catchify Security is specifically recognized for identifying six separate CVEs across the Access, Talk, and Protect applications. Brandon Rossi is credited with four findings impacting UniFi Protect and Access, while Duc Anh Nguyen and Garett Kopcha each contributed two disclosures related to flaws in Connect, Talk, and Network Applications.

<td class="has-text-align-left" data-

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

Sarah simpson

Sarah simpson

Sarah is a cybersecurity journalist specializing in threat intelligence and malware analysis. With over 8 years of experience covering APT groups, zero-day exploits, and advanced persistent threats, Sarah brings deep technical expertise to breaking cybersecurity news. Previously, she worked as a security researcher at leading threat intelligence firms, where she analyzed malware samples and tracked cybercriminal operations. Sarah holds a Master's degree in Computer Science with a focus on cybersecurity and is a regular contributor to major security conferences.

Previous Post

STOCKSTAY Backdoor Targets Ukraine with Malicious RDP Files and WinRAR Exploit

Next Post

AnyDesk Phishing Attack Uses Scheduled Tasks for Persistence, Evades Detection

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
AnyDesk Phishing Attack Uses Scheduled Tasks for Persistence, Evades Detection
July 7, 2026
Ubiquiti Discloses 25 UniFi Vulnerabilities, 2 Critical
July 7, 2026
STOCKSTAY Backdoor Targets Ukraine with Malicious RDP Files and WinRAR Exploit
July 7, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us
CVE ID Affected Product Vulnerable Version Fixed Version Vulnerability Type CVSS Score Severity
CVE-2026-50746 UniFi Connect Application 3.4.16 and earlier 3.4.20+ Improper Access Control 10.0 Critical
CVE-2026-50747 UniFi Talk Application 5.1.2 and earlier 5.2.2+ SQL Injection 9.9 Critical
CVE-2026-50748 UniFi Access Application 4.2.28 and earlier 4.2.29+ Improper Input Validation 9.9 Critical
CVE-2026-54400 UniFi Access Application 4.2.28 and earlier 4.2.29+ Improper Access Control 9.1 Critical
CVE-2026-54401 UniFi OS (UDM/UNVR/UNAS family) 5.1.15–5.1.18 and earlier 5.1.19+ SSRF 7.7 High
CVE-2026-54402 UniFi OS (UDM/UNVR/UNAS family) 5.1.15–5.1.18 and earlier 5.1.19+ Improper Input Validation 9.9 Critical
CVE-2026-54403 UniFi OS (UDM/UNVR/UNAS family) 5.1.15–5.1.18 and earlier 5.1.19+ Path Traversal 8.6 High
CVE-2026-54404 UniFi OS (UDM/UNVR/UNAS family) 5.1.15–5.1.18 and earlier 5.1.19+ SQL Injection 8.8 High
CVE-2026-54405 UniFi Network Application 10.3.58 and earlier 10.4.57+ Improper Input Validation (DoS)