Security Intelligence
July 9, 2026 | Security intelligence
Ubiquiti patches multiple critical vulnerabilities in UniFi products
At a glance: Ubiquiti released security updates on July 2, to address multiple vulnerabilities affecting UniFi products used for network management, physical access control, video surveillance, communications, and building automation. The advisory includes several critical vulnerabilities, led by CVE-2026-50746 (CVSS 10.0), which affects UniFi Connect and could allow a threat actor with network access to perform command injection on vulnerable systems. While Ubiquiti has not reported active exploitation, similar UniFi OS vulnerability classes were recently exploited, making patching a priority for internet-accessible deployments.
Threat summary
On July 2, 2026, Ubiquiti addressed multiple vulnerabilities affecting its UniFi network management, physical access control, video surveillance, communications, and building automation platforms.
The affected products include UniFi Network Application, UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS.
The most severe flaw, tracked as CVE-2026-50746, received a maximum CVSS score of 10.0 and affects the UniFi Connect Application, which is used to manage smart building infrastructure such as lighting systems and electric vehicle chargers.
CVE-2026-50746 is an improper access control flaw that enables command injection on the host device. A threat actor with network access to a vulnerable system could exploit the issue against UniFi Connect Application versions 3.4.16 and earlier. Ubiquiti fixed the issue in version 3.4.20.
UniFi Talk
UniFi Talk Application versions 5.1.2 and earlier are affected by:
- CVE-2026-50747: a series of authenticated SQL injection vulnerabilities that could allow a threat actor with network access and low privileges to escalate privileges on the host device. CVSS: 9.9.
- CVE-2026-55113: a server-side request forgery (SSRF) vulnerability that could allow a threat actor to conduct a denial-of-service (DoS) attack and bypass authentication on certain API endpoints. CVSS: 7.5.
- CVE-2026-55119: an improper access control vulnerability that could allow a threat actor with network access and low privileges to escalate privileges within the application. CVSS: 8.1.
All vulnerabilities were fixed in version 5.2.2.
UniFi Access
UniFi Access Application versions 4.2.28 and earlier are affected by:
- CVE-2026-50748: an improper input validation vulnerability that could allow a threat actor with network access to perform command injection on the host device. CVSS: 9.9.
- CVE-2026-54400: an improper access control vulnerability that could allow a threat actor with network access to escalate privileges on the host device. CVSS: 9.1.
- CVE-2026-55117: a path traversal vulnerability that could allow a threat actor with network access to access files on the host device. CVSS: 8.6.
All vulnerabilities were fixed in version 4.2.29.
UniFi Protect
UniFi Protect Application versions 7.1.77 and earlier are affected by:
- CVE-2026-55115: a server-side request forgery (SSRF) vulnerability that could allow a threat actor with network access and low privileges to escalate privileges on the host device. CVSS: 9.9.
- CVE-2026-56841: an authenticated SQL injection vulnerability that could allow a threat actor with network access and low privileges to escalate privileges on the host device. CVSS: 8.8.
- CVE-2026-54407: an improper access control vulnerability that could allow a threat actor with network access to bypass authentication on certain API endpoints. CVSS: 8.6.
- CVE-2026-54408: an improper access control vulnerability that could allow a threat actor with network access to bypass authentication for data streaming. CVSS: 8.6.
- CVE-2026-54409: an improper initialization vulnerability that, under certain conditions, could allow a threat actor to bypass authentication on UniFi Protect Cameras. CVSS: 7.5.
All vulnerabilities were fixed in version 7.1.83.
UniFi OS
UniFi OS versions 5.1.15 and earlier are affected by:
- CVE-2026-54402: an improper input validation vulnerability that could allow a threat actor with network access and low privileges to perform command injection on the host device. CVSS: 9.9.
- CVE-2026-55116: an improper access control vulnerability that, under certain network configurations, could allow a threat actor to make unauthorized changes to affected devices. CVSS: 9.0.
- CVE-2026-54404: a series of authenticated SQL injection vulnerabilities that could allow a threat actor with network access and low privileges to escalate privileges within affected UniFi OS devices or instances. CVSS: 8.8.
- CVE-2026-54403: a path traversal vulnerability that could allow a threat actor with network access to bypass authentication on affected devices. Ubiquiti notes that the vulnerability can be chained with other vulnerabilities to eliminate the requirement for low-privileged access. CVSS: 8.6.
- CVE-2026-54401: a server-side request forgery (SSRF) vulnerability that could allow a threat actor with network access and low privileges to escalate privileges within affected UniFi OS devices or instances. CVSS: 7.7.
- CVE-2026-55110: a cross-origin resource sharing (CORS) misconfiguration that could allow a threat actor to trigger actions through an authenticated user's session if the user is lured to a malicious webpage. CVSS: 7.5.
- CVE-2026-55112: an improper access control vulnerability that, under certain conditions, could allow a threat actor with network access and low privileges to escalate privileges on the host device. CVSS: 7.5.
All vulnerabilities were fixed in version 5.1.19.
UniFi Network
UniFi Network Application versions 10.3.58 and earlier are affected by:
- CVE-2026-55114: an improper access control vulnerability that could allow a threat actor with network access and low privileges to escalate privileges within the application. CVSS: 8.8.
- CVE-2026-54406: a path traversal vulnerability affecting self-hosted deployments that could allow a threat actor with network access and high privileges to escalate write permissions on the host device. CVSS: 8.7.
- CVE-2026-55118: an improper access control vulnerability that, under certain conditions, could allow a threat actor with network access and low privileges to escalate privileges within the application. CVSS: 8.3.
- CVE-2026-54405: an improper input validation vulnerability that could allow a threat actor with network access to conduct a denial-of-service (DoS) attack against the application. CVSS: 7.5.
- CVE-2026-56842: an incorrect authorization vulnerability that, under certain conditions, could allow a threat actor to retain privileges after access has been removed. CVSS: 7.5.
All vulnerabilities were fixed in version 10.4.57.
As of July 8, Ubiquiti has not reported observed exploitation of these vulnerabilities in the wild.
Recommendations
Ubiquiti products are widely used for network management, physical access control, video surveillance, communications, and building operations.
Several vulnerabilities disclosed in the current Security Advisory Bulletin affect centralized management platforms that provide administrative control and visibility across connected devices.
Ubiquiti has not reported active exploitation of the vulnerabilities disclosed in the advisory. However, similar vulnerability classes affecting UniFi OS were recently exploited in the wild. Two weeks ago, the Cybersecurity and Infrastructure Security Agency (CISA) added three UniFi OS vulnerabilities involving improper access control, path traversal, and improper input validation to its Known Exploited Vulnerabilities (KEV) catalog. Several of the newly disclosed vulnerabilities involve the same categories of weaknesses, including improper access control, path traversal, and input validation flaws.
Organizations with internet-accessible UniFi management platforms should prioritize remediation efforts, particularly for systems used to manage network infrastructure, physical security, surveillance, and building operations. External exposure increases the likelihood that newly disclosed vulnerabilities will receive attention from threat actors.
CVE-2026-50746 warrants immediate attention due to the severity of its impact on UniFi Connect deployments used to manage building infrastructure. Organizations running affected versions can prioritize upgrading to the patched release, particularly where UniFi Connect is accessible from untrusted networks.
Stay on top of emerging threats like this.
Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities.


