securityaffairs.com 7/8/2026, 9:48:27 PM · external

Ubiquiti Fixes Severe UniFi OS Bugs, Including CVE-2026-50746

Ubiquiti Fixes Severe UniFi OS Bugs, Including CVE-2026-50746

UBIQUITI has released patches for seven critical vulnerabilities in UniFi OS, including the severe CVE-2026-50746, which allows command injection in the UniFi Connect Application with a CVSS score of 10.0. Affected versions include 3.4.16 and earlier.

Other vulnerabilities include CVE-2026-50747 (9.9, SQL injection), CVE-2026-50748 (9.9, improper input validation), CVE-2026-54400 (9.1, improper access control), CVE-2026-54402 (9.9, SSRF), CVE-2026-55115 (9.9, CORS misconfiguration), and CVE-2026-55116 (9.0, unauthorized changes). Ubiquiti recommends updating immediately to mitigate risks, and has not confirmed any exploitation of these vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Ubiquiti vulnerabilities to its known exploited vulnerabilities catalog.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline