Ubiquiti Discloses 25 Security Vulnerabilities Across UniFi Ecosystem

The420.in Staff
3 Min Read

Networking equipment manufacturer Ubiquiti has disclosed 25 security vulnerabilities affecting its UniFi ecosystem, including several critical flaws with CVSS v3.1 severity scores ranging from 9.0 to 10.0. According to the company’s Security Advisory Bulletin 066, some of these vulnerabilities could allow network-based attackers to gain complete control of affected devices if left unpatched.

The advisory covers multiple UniFi products, including UniFi OS running on UDM, UNVR and UNAS devices, along with UniFi Connect, Talk, Access, Protect, Network Application and Protect Floodlight. Ubiquiti has released security updates for all affected products and has advised customers to upgrade immediately, as no temporary workarounds are available.

The most severe vulnerability, tracked as CVE-2026-50746, carries the maximum CVSS score of 10.0. It affects UniFi Connect Application version 3.4.16 and earlier and could allow a network-adjacent attacker to execute command injection without authentication due to an improper access control flaw.

Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference

Two additional critical vulnerabilities, CVE-2026-50747 and CVE-2026-50748, each rated 9.9, affect UniFi Talk and UniFi Access respectively. These flaws involve SQL injection and improper input validation, potentially allowing low-privileged users to escalate privileges and gain full control of vulnerable systems. Other critical issues include CVE-2026-54402, an input validation flaw in UniFi OS, CVE-2026-55115, an SSRF-based privilege escalation vulnerability in UniFi Protect, and CVE-2026-55116, an improper access control issue affecting UDM gateway devices.

Researchers also highlighted several high-severity vulnerabilities that could be chained together during an attack. One such flaw, CVE-2026-54403, is a path traversal vulnerability in UniFi OS that could be combined with other vulnerabilities to bypass authentication requirements. Additional high-risk issues include SQL injection, authentication bypass, cross-origin resource sharing (CORS) misconfiguration and privilege escalation vulnerabilities across multiple UniFi components.

According to a Researcher at Algoritha Security, the disclosure demonstrates that enterprise networking platforms continue to be attractive targets for attackers because a single compromised network management device can provide broad access to connected infrastructure. Organizations should treat internet-facing network controllers and management appliances as high-priority assets and ensure they receive security updates without delay.

Ubiquiti has credited several independent security researchers for responsibly disclosing the vulnerabilities. The company has urged administrators to upgrade UniFi Connect to version 3.4.20 or later, UniFi Talk to 5.2.2 or later, UniFi Access to 4.2.29 or later, UniFi Network Application to 10.4.57 or later, UniFi Protect to 7.1.83 or later, UniFi Protect Floodlight to 1.13.6 or later, and UniFi OS to version 5.1.19 or later.

Security experts recommend that organizations prioritize these updates immediately, particularly for internet-connected UniFi deployments, to reduce the risk of remote exploitation and unauthorized access.

Stay Connected