T

Threats

Ubiquiti UniFi Critical Vulnerabilities

Overview

CVE: CVE-2026-50746, CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116

Severity: Critical

Date: 6 July 2026

Vendor: Ubiquiti Inc


Ubiquiti has issued Security Advisory Bulletin 066 covering seven critical-severity vulnerabilities affecting multiple UniFi OS and application products, including UniFi Connect, Talk, Access, Protect, and Dream Machines. The vulnerabilities range from improper access control and input validation to SQL injection and server-side request forgery, with CVSS scores between 9.0 and 10.0. All require network access, with most requiring only low privileges, making them exploitable by authenticated low-privileged users. Immediate patching is strongly recommended.


Affected Versions

See vendor advisory for affected versions and available patches.


Vulnerability Breakdown

CVE-2026-50746 - Improper Access Control (Command Injection)

Severity: Critical

CVSS: 10.0

Product: UniFi Connect Application

Description: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.

Impact: Remote code execution on the host device via command injection, allowing full system compromise.

Conditions: Network access required. No specific privilege level documented.

Notes: This is the highest-rated CVE in the advisory with a CVSS score of 10.0.


CVE-2026-50747 - Authenticated SQL Injection (Privilege Escalation)

Severity: Critical

CVSS: 9.9

Product: UniFi Talk Application

Description: A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.

Impact: Privilege escalation on the host device through SQL injection exploitation.

Conditions: Network access and low-privilege authenticated access required.


CVE-2026-50748 - Improper Input Validation (Command Injection)

Severity: Critical

CVSS: 9.9

Product: UniFi Access Application

Description: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device.

Impact: Remote code execution on the host device via command injection.

Conditions: Network access and low-privilege authenticated access required.


CVE-2026-54402 - Improper Input Validation (Command Injection)

Severity: Critical

CVSS: 9.9

Product: UniFi OS Server

Description: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.

Impact: Remote code execution on the UniFi OS host device, potentially compromising all managed UniFi services.

Conditions: Network access and low-privilege authenticated access required.

Notes: This vulnerability affects the core UniFi OS server, which underpins multiple UniFi applications.


CVE-2026-55115 - Server-Side Request Forgery (Privilege Escalation)

Severity: Critical

CVSS: 9.9

Product: UniFi Protect Application

Description: A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.

Impact: Privilege escalation on the host device through SSRF exploitation.

Conditions: Network access and low-privilege authenticated access required.


CVE-2026-54400 - Improper Access Control (Privilege Escalation)

Severity: Critical

CVSS: 9.1

Product: UniFi Access Application

Description: A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

Impact: Privilege escalation on the host device beyond the initially granted access level.

Conditions: Network access and high-privilege authenticated access required.


CVE-2026-55116 - Improper Access Control (Unauthorised Changes)

Severity: Critical

CVSS: 9.0

Product: Dream Machines (certain devices running UniFi OS)

Description: A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorised changes to such UniFi OS devices.

Impact: Unauthorised configuration changes to UniFi OS devices, potentially allowing an attacker to alter network settings, access controls, or device behaviour.

Conditions: Network access and specific network configurations required.


Mitigation

  • Apply the latest firmware and software updates for all UniFi OS, Connect, Talk, Access, Protect, and Dream Machine devices immediately.

  • Restrict network access to UniFi management interfaces to trusted internal networks or VPN only.

  • Enforce strong authentication and MFA for all administrative accounts.

  • Review and minimise privilege levels for all authenticated users on UniFi applications.

  • Audit network configurations on Dream Machine devices to ensure access controls are properly configured.

  • Monitor logs for signs of exploitation attempts, including unusual SQL queries, SSRF requests, or command injection patterns.


Summary for IT Teams

Products: Ubiquiti UniFi OS, Connect, Talk, Access, Protect, and Dream Machines

Threat Level: Critical, CVSS up to 10.0

Action Required: Apply the latest vendor patches for all affected UniFi products immediately. Restrict network access to management interfaces, enforce MFA for all administrative accounts, and audit network configurations. Monitor systems for signs of exploitation.


Reference


Need help?

Please get in touch on 1300 769 460 or email us. We are here to help you strengthen your cybersecurity posture.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.