Ubiquiti Patches Critical Flaws Across UniFi Ecosystem, Including Command Injection and Privilege Escalation Risks
Ubiquiti has released urgent security updates for its UniFi Connect, Talk, Access, Protect, and OS platforms. These patches address a range of critical vulnerabilities, including multiple command injection and privilege escalation flaws that could be exploited by attackers with network access.
Network hardware and software provider **Ubiquiti** has rolled out crucial security updates to address several high-severity vulnerabilities impacting its popular UniFi product suite. The affected applications include **UniFi Connect**, **UniFi Talk**, **UniFi Access**, **UniFi Protect**, and **UniFi OS**, with flaws potentially leading to privilege escalation and arbitrary command execution.

### Critical Vulnerabilities Addressed
The updates target a comprehensive list of vulnerabilities, many with CVSS scores indicating critical severity:
* **CVE-2026-50746** (CVSS: 10.0): An improper access control flaw in **UniFi Connect Application** (versions 3.4.16 and earlier) allowing network-accessible attackers to execute command injections on the host device. Fixed in version 3.4.20.
* **CVE-2026-50747** (CVSS: 9.9): A series of authenticated SQL injection vulnerabilities in **UniFi Talk Application** (versions 5.1.2 and earlier) that could enable privilege escalation on the host device. Fixed in version 5.2.2.
* **CVE-2026-50748** (CVSS: 9.9): An improper input validation flaw in **UniFi Access Application** (versions 4.2.28 and earlier) that could lead to command injection. Fixed in version 4.2.29.
* **CVE-2026-54400** (CVSS: 9.1): Another improper access control vulnerability in **UniFi Access Application** (versions 4.2.28 and earlier) exploitable for privilege escalation. Fixed in version 4.2.29.
* **CVE-2026-55115** (CVSS: 9.9): A Server-Side Request Forgery (**SSRF**) vulnerability in **UniFi Protect Application** (versions 7.1.77 and earlier), allowing low-privileged network attackers to escalate privileges. Fixed in version 7.1.83.
* **CVE-2026-54402** (CVSS: 9.9): An improper input validation vulnerability in **UniFi OS** (versions 5.1.15 and earlier) enabling command injection. Fixed in version 5.1.19.
* **CVE-2026-55116** (CVSS: 9.0): An improper access control flaw in **UniFi OS** (versions 5.1.15 and earlier) that could allow unauthorized device modifications. Fixed in version 5.1.19.
### Broader Context of Ubiquiti Security Concerns
While there is currently no evidence of these newly patched flaws being actively exploited in the wild, Ubiquiti products have been a target for threat actors in the past. Just last month, the **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** flagged three **UniFi OS** vulnerabilities (**CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**) as having been weaponized in real-world attacks.
Furthermore, in February 2024, cybersecurity agencies observed Russian state-sponsored threat actors leveraging compromised Ubiquiti Edge OS routers as part of the **MooBot** botnet. This botnet was designed to proxy malicious traffic, though it was subsequently disrupted in a coordinated law enforcement operation.
Given the critical nature of these vulnerabilities and the historical targeting of Ubiquiti devices, IT security professionals and privacy-conscious users are strongly urged to apply the latest updates immediately to mitigate potential risks.