socradar.io 7/8/2026, 2:17:42 PM · external

Ubiquiti patches critical command injection flaw in UniFi Connect

Ubiquiti patches critical command injection flaw in UniFi Connect
CyberSIXT Evidence Panel
Primary Source community.ui.com
CISA KEV Not in KEV
Patch Patch Status Unknown

UBIQUITI has released a security advisory (SAB-066) addressing multiple vulnerabilities in the UniFi ecosystem, including the critical CVE-2026-50746, a command injection vulnerability in the UniFi Connect Application. This vulnerability allows an attacker with network access to execute arbitrary commands on the host device. Affected versions include any prior to 3.4.20, and users are urged to update to this version or newer.

Patch management is considered a high priority, as this vulnerability presents a low-complexity, no-privilege attack vector. Organizations are advised to restrict access to management services, monitor for suspicious activity, and patch vulnerable systems promptly. Currently, no reports of exploitation have been confirmed.

View Primary Source Via socradar.io

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline