Ubiquiti has released security updates addressing seven critical vulnerabilities across multiple UniFi products. The flaws could allow attackers with network access to perform remote command execution (RCE), privilege escalation, unauthorised device modifications, and server-side request forgery (SSRF). Several vulnerabilities carry CVSS scores between 9.0 and 10.0, representing a significant risk to organisations using affected UniFi deployments.
While Ubiquiti has stated there is currently no evidence of active exploitation, the vulnerabilities impact products commonly used in enterprise, SMB, education, and retail environments, making rapid patching essential.
Vulnerability Details:
|
CVE |
Product |
CVSS |
Impact |
|
CVE-2026-50746 |
UniFi Connect |
10.0 |
Command Injection / RCE |
|
CVE-2026-50747 |
UniFi Talk |
9.9 |
Authenticated SQL Injection / Privilege Escalation |
|
CVE-2026-50748 |
UniFi Access |
9.9 |
Command Injection / RCE |
|
CVE-2026-54400 |
UniFi Access |
9.1 |
Privilege Escalation |
|
CVE-2026-55115 |
UniFi Protect |
9.9 |
SSRF / Privilege Escalation |
|
CVE-2026-54402 |
UniFi OS |
9.9 |
Command Injection / RCE |
|
CVE-2026-55116 |
UniFi OS |
9.0 |
Unauthorized Device Modifications |
Technical Details:
1. CVE-2026-50746 – UniFi Connect
- CVSS: 10.0 (Critical)
- Issue: Improper access control.
- Impact: Attackers with network access may execute arbitrary commands on the host device.
- Affected Versions: 3.4.16 and earlier.
- Fixed Version: 3.4.20.
2. CVE-2026-50747 – UniFi Talk
- CVSS: 9.9 (Critical)
- Issue: Authenticated SQL Injection vulnerabilities.
- Impact: Privilege escalation on the host system.
- Affected Versions: 5.1.2 and earlier.
- Fixed Version: 5.2.2.
3. CVE-2026-50748 – UniFi Access
- CVSS: 9.9 (Critical)
- Issue: Improper input validation.
- Impact: Command injection leading to arbitrary code execution.
- Affected Versions: 4.2.28 and earlier.
- Fixed Version: 4.2.29.
4. CVE-2026-54400 – UniFi Access
- CVSS: 9.1 (Critical)
- Issue: Improper access control.
- Impact: Privilege escalation.
- Affected Versions: 4.2.28 and earlier.
- Fixed Version: 4.2.29.
5. CVE-2026-55115 – UniFi Protect
- CVSS: 9.9 (Critical)
- Issue: Server-Side Request Forgery (SSRF).
- Impact: Low-privileged users can escalate privileges on the host device.
- Affected Versions: 7.1.77 and earlier.
- Fixed Version: 7.1.83.
6. CVE-2026-54402 – UniFi OS
- CVSS: 9.9 (Critical)
- Issue: Improper input validation.
- Impact: Command injection and host compromise.
- Affected Versions: 5.1.15 and earlier.
- Fixed Version: 5.1.19.
7. CVE-2026-55116 – UniFi OS
- CVSS: 9.0 (Critical)
- Issue: Improper access control.
- Impact: Unauthorized configuration changes to managed devices.
- Affected Versions: 5.1.15 and earlier.
- Fixed Version: 5.1.19
Threat Assessment:
Although active exploitation has not been observed, the vulnerabilities present attractive targets for threat actors because:
- Several flaws enable remote command execution.
- Multiple vulnerabilities allow privilege escalation from authenticated or low-privileged accounts.
- UniFi products often occupy privileged positions within enterprise networks.
- Successful exploitation could provide attackers with:
- Administrative control of UniFi infrastructure.
- Network visibility and persistence.
- Opportunities for lateral movement.
- Access to surveillance and physical access-control systems.
Additionally, Ubiquiti infrastructure has previously attracted attention from threat actors. CISA recently added other UniFi OS vulnerabilities to its Known Exploited Vulnerabilities catalog and Russian-affiliated actors previously leveraged compromised Ubiquiti devices as part of the MooBot botnet infrastructure.
Recommendations:
Update affected systems immediately
- UniFi Connect → 3.4.20 or later
- UniFi Talk → 5.2.2 or later
- UniFi Access → 4.2.29 or later
- UniFi Protect → 7.1.83 or later
- UniFi OS → 5.1.19 or later
- Unexpected privilege escalations.
- New administrator accounts.
- Suspicious outbound connections from UniFi appliances.
- Unusual command execution activity.
- Configuration changes outside approved maintenance windows.
Security Monitoring:
Monitor for indicators including:
- Unexpected privilege escalations.
- New administrator accounts.
- Suspicious outbound connections from UniFi appliances.
- Unusual command execution activity.
- Configuration changes outside approved maintenance windows.
