Ubiquiti patches 25 UniFi flaws, including unauthenticated command injection on devices
Ubiquiti has released fixes for 25 vulnerabilities across its UniFi ecosystem, including several critical flaws that let a network-based attacker fully compromise devices. The most severe, CVE-2026-50746 rated 10.0, is an improper access-control bug in the UniFi Connect application that allows unauthenticated command injection on the host. Others rated 9.9, spanning UniFi Talk, Access, Protect, and UniFi OS, include SQL injection, command injection, and server-side request forgery that lead to privilege escalation, and some can be chained to bypass authentication requirements. The flaws affect widely deployed gateways and consoles like the UDM family. Ubiquiti lists no interim workarounds, so updating each affected product to its fixed version is the only mitigation.
- Check
- Inventory UniFi Connect, Talk, Access, Protect, Network Application, and UniFi OS devices, including UDM gateways and consoles, confirm their versions against Ubiquiti's advisory, and check which are reachable by untrusted users.
- Affected
- UniFi Connect, Talk, Access, Protect, and UniFi OS devices on affected versions (CVE-2026-50746 and others); network-based attackers can inject commands, escalate privileges, or bypass authentication, with no workarounds available.
- Fix
- Update each affected UniFi product to the fixed version in Ubiquiti's advisory, prioritize devices reachable by untrusted networks, and review UniFi logs for unexpected configuration changes, new accounts, or unusual outbound traffic.