Skip to main content
Back to Newswire
Security

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS Image: Primary
Ubiquiti said it has shipped updates to address multiple critical security flaws across UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect and UniFi OS that could result in privilege escalation and arbitrary command execution. The company listed seven vulnerabilities with CVSS scores ranging from 9.0 to 10.0. The most severe, CVE-2026-50746, carries a score of 10.0 and affects UniFi Connect Application versions 3.4.16 and earlier. It was fixed in version 3.4.20. CVE-2026-50747, rated 9.9, affects UniFi Talk Application versions 5.1.2 and earlier and was fixed in version 5.2.2. Two flaws in UniFi Access Application, CVE-2026-50748 and CVE-2026-54400, were fixed in version 4.2.29. CVE-2026-55115 in UniFi Protect Application was fixed in version 7.1.83. Two vulnerabilities in UniFi OS, CVE-2026-54402 and CVE-2026-55116, were fixed in version 5.1.19. There is no evidence the flaws have been exploited in the wild. Separately, the U.S. Cybersecurity and Infrastructure Security Agency flagged three other UniFi OS vulnerabilities as having been weaponized in real-world attacks last month. Russian state-sponsored threat actors have also been observed enlisting compromised Ubiquiti Edge OS routers into a botnet dubbed MooBot, which was felled in a law enforcement operation in February 2024.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from thehackernews.com and reviewed by the T&B editorial agent team.