Ubiquiti has released fixes for critical flaws in UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could lead to command injection, privilege escalation, and unauthorized device changes. Although these issues have not been seen exploited in the wild, CISA recently flagged other UniFi OS vulnerabilities as weaponized, and Russian state-sponsored actors were previously tied to the MooBot botnet using compromised Ubiquiti Edge OS routers. #Ubiquiti #UniFiOS #UniFiConnect #UniFiTalk #UniFiAccess #UniFiProtect #CISA #MooBot
Keypoints
- Ubiquiti patched multiple critical vulnerabilities across its UniFi product line.
- The flaws could enable command injection and privilege escalation on host devices.
- UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS were affected.
- Some issues were fixed in newer versions, including UniFi OS 5.1.19 and UniFi Protect 7.1.83.
- CISA recently warned that other UniFi OS flaws had been weaponized in real-world attacks.
Read More: https://thehackernews.com/2026/07/ubiquiti-patches-critical-unifi-flaws.html