Ubiquiti has released patches for seven critical vulnerabilities in UniFi OS, including CVE-2026-50746, which allows for command injection attacks on the UniFi Connect Application. Users are advised to update to version 3.4.20 or later to protect against potential exploits, which could affect numerous devices due to their online exposure.
Ubiquiti has identified seven critical vulnerabilities in its UniFi OS, among which CVE-2026-50746 poses the highest risk. This vulnerability is linked to the UniFi Connect Application, which assists users in the management of smart devices in commercial operations.
CVE-2026-50746 can be exploited via command injection attacks if a malicious actor gains network access. Ubiquiti noted that this vulnerability allows attackers to misuse improper access controls within the application, making it highly critical for users to act immediately.
In addition to CVE-2026-50746, Ubiquiti has addressed six other critical-severity vulnerabilities impacting its UniFi applications and devices. These vulnerabilities can be exploited through low-complexity attacks that do not require user interaction, heightening the urgency for updates.
The ongoing targeting of Ubiquiti products by state-sponsored and criminal groups illustrates the heightened security risks. With nearly 50,000 UniFi OS instances exposed online in the U.S., users are at significant risk if they do not secure their systems promptly.
The history of security incidents involving Ubiquiti products, including the dismantling of the Moobot botnet, underscores the vulnerabilities present in their devices. CISA previously categorized threats associated with Ubiquiti products as high risks, further stressing the importance of timely updates.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Ubiquiti has released patches for seven critical vulnerabilities in UniFi OS, including CVE-2026-50746, which allows for command injection attacks on the UniFi Connect Application. Users are advised to update to version 3.4.20 or later to protect against potential exploits, which could affect numerous devices due to their online exposure.