Ubiquiti has patched seven critical vulnerabilities in UniFi OS, including CVE-2026-50746 in UniFi Connect Application that could allow command injection on affected host devices. The company also fixed six additional critical flaws across UniFi Talk, UniFi Access, UniFi Protect, UniFi OS Server, and multiple Ubiquiti devices, urging users to update immediately. #Ubiquiti #UniFiOS #CVE-2026-50746
Keypoints
- Ubiquiti released fixes for seven critical vulnerabilities in UniFi OS.
- CVE-2026-50746 affects UniFi Connect Application and can lead to command injection.
- Users should update UniFi Connect Application to version 3.4.20 or later.
- Six other critical flaws impact UniFi Talk, UniFi Access, UniFi Protect, UniFi OS Server, and other devices.
- More than 100,000 UniFi OS instances are exposed online, according to Censys.