Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation


Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation

Pierluigi Paganini
July 08, 2026

Ubiquiti patched seven UniFi OS flaws, including critical CVE-2026-50746, which allows command injection in UniFi Connect Application.

Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks.

The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used to manage commercial building systems such as smart lighting and EV chargers. Organizations using affected versions should update promptly to reduce compromise risks.

“A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.” reads the advisory.

The vendor also addressed thcritical vulnerabilities:

  • CVE-2026-50747 (CVSS score of 9.9): The vulnerability affects UniFi Talk Application and consists of authenticated SQL injection flaws. A low-privileged attacker with network access can exploit the issue to escalate privileges and gain greater control over the host device.
  • CVE-2026-50748 (CVSS score of 9.9): The vulnerability affects UniFi Access Application and is caused by improper input validation. A low-privileged attacker with network access can exploit the flaw to execute commands on the host device.
  • CVE-2026-54400 (CVSS score of 9.1): The vulnerability affects UniFi Access Application and is caused by improper access control. A high-privileged attacker can exploit it to escalate privileges on the affected host device.
  • CVE-2026-54402 (CVSS score of 9.9): The vulnerability affects multiple UniFi OS devices and allows a low-privileged attacker with network access to exploit an SSRF vulnerability, potentially leading to privilege escalation within UniFi OS environments.
  • CVE-2026-55115 (CVSS score of 9.9): The vulnerability affects UniFi OS/UniFi Protect environments and is related to a CORS misconfiguration. An attacker can abuse a victim’s authenticated session to perform unauthorized actions.
  • CVE-2026-55116 (CVSS score of 9.0): The vulnerability affects certain UniFi OS devices and allows unauthorized changes through an improper access control issue under specific network conditions.

Ubiquiti recommends updating affected products to the fixed versions listed in Security Advisory Bulletin 066.

Ubiquiti has not confirmed whether any of the vulnerabilities were exploited in attacks in the wild.

In June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following Ubiquiti UniFi OS issues to its Known Exploited Vulnerabilities (KEV) catalog.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)







Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


AirPods Pro 3

Jada Jones/ZDNET

This year’s WWDC is packed with announcements, including customization to the Liquid Glass display, substantial upgrades to Siri, and more intuitive device functionality.

Also: Apple WWDC 2026: Live updates on iOS 27, Siri, and Tim Cook’s last event as CEO

If you’re an avid AirPods user, there’s one announcement that may excite you, but speakers breezed past it, offering hardly any details. Still, Apple promised a real equalizer in iOS 27, finally giving users the opportunity to customize the sound of their AirPods. 

Apple didn’t say much about the equalizer, but a brief animation showed a graphic EQ, with options to create a custom EQ profile or choose Apple’s recommended EQ settings. Users can adjust lows, mids, and highs, though it’s unclear how precise the equalizer will be.

AirPods EQ WWDC

Apple

Previously, Apple had full faith in its headphones’ sound profile, vowing that its sound engineers crafted AirPods to sound as best as possible. Still, users prefer some control over their devices, and a custom EQ is a welcome addition.

Also: The feature Apple needs to make HomePod stand out isn’t audio-related

AirPods users could only change their AirPods sound profiles in Apple Music settings, and this customization feature still limited them to preset EQ profiles. 

An equalizer is a staple feature for consumer headphones, and even the most limited equalizers are better than none. Bose’s equalizer, for example, allows users to toggle bass, mids, and treble on a 20-point scale. 

Other companies, like JBL, offer a detailed equalizer with 10 frequency bands, adjustable in Hz. I don’t expect Apple’s equalizer to be as thorough as JBL’s, but instead to be on par with Bose’s. Either way, even if you’re content with your AirPods’ sound profile, the option to change it is what matters. 





Source link