CybersecurityJuly 8, 2026· via The Hacker News

Ubiquiti rushes critical UniFi fixes for five products after 10.0-rated flaw

Ubiquiti rushes critical UniFi fixes for five products after 10.0-rated flaw

Image : The Hacker News

Ubiquiti has issued emergency patches for five UniFi products after researchers disclosed a maximum-severity vulnerability that could let attackers seize control of networks running the affected software. The flaws span UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect and the underlying UniFi OS, with one bug scoring the rare 10.0 on the CVSS scale. Network administrators have been urged to install the updates without delay to prevent potential privilege escalation and arbitrary command execution.

A closer look at the vulnerabilities

The headline flaw, tracked as CVE-2026-50746, is an improper access control issue inside the UniFi Connect application. By exploiting this, an unauthenticated attacker on the same network could elevate privileges and run arbitrary commands with the permissions of the UniFi service account. Four additional high-severity issues were also fixed: CVE-2026-50747 in UniFi Talk, CVE-2026-50748 in UniFi Access, CVE-2026-50749 in UniFi Protect and CVE-2026-50750 in UniFi OS. Each allows similar impact paths if left unpatched.

What users should do right now

Ubiquiti has released firmware updates for all affected products and recommends immediate installation. Users can check the UniFi OS settings panel for pending updates or download the patches directly from the vendor’s support portal. Since the vulnerabilities can be triggered remotely without user interaction, delaying updates increases exposure to potential intrusions.

Why it matters

A single 10.0-rated vulnerability in a widely deployed product like UniFi Connect raises the stakes for every organization running the platform. Attackers can pivot from initial footholds to full domain compromise, making these patches time-critical rather than routine. For managed-service providers and enterprises, the breadth of affected products means a single oversight can cascade into multiple breach vectors. Administrators should treat this as a high-priority security bulletin and verify patch deployment across all UniFi instances before resuming normal operations.


Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.

Read the original source on The Hacker News →

← Back to home