T
Threats
Ubiquiti UniFi Critical Vulnerabilities

Overview
CVE: CVE-2026-50746, CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116
Severity: Critical
Date: 6 July 2026
Vendor: Ubiquiti Inc
Ubiquiti has issued Security Advisory Bulletin 066 covering seven critical-severity vulnerabilities affecting multiple UniFi OS and application products, including UniFi Connect, Talk, Access, Protect, and Dream Machines. The vulnerabilities range from improper access control and input validation to SQL injection and server-side request forgery, with CVSS scores between 9.0 and 10.0. All require network access, with most requiring only low privileges, making them exploitable by authenticated low-privileged users. Immediate patching is strongly recommended.
Affected Versions
See vendor advisory for affected versions and available patches.
Vulnerability Breakdown
CVE-2026-50746 - Improper Access Control (Command Injection)
Severity: Critical
CVSS: 10.0
Product: UniFi Connect Application
Description: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
Impact: Remote code execution on the host device via command injection, allowing full system compromise.
Conditions: Network access required. No specific privilege level documented.
Notes: This is the highest-rated CVE in the advisory with a CVSS score of 10.0.
CVE-2026-50747 - Authenticated SQL Injection (Privilege Escalation)
Severity: Critical
CVSS: 9.9
Product: UniFi Talk Application
Description: A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.
Impact: Privilege escalation on the host device through SQL injection exploitation.
Conditions: Network access and low-privilege authenticated access required.
CVE-2026-50748 - Improper Input Validation (Command Injection)
Severity: Critical
CVSS: 9.9
Product: UniFi Access Application
Description: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device.
Impact: Remote code execution on the host device via command injection.
Conditions: Network access and low-privilege authenticated access required.
CVE-2026-54402 - Improper Input Validation (Command Injection)
Severity: Critical
CVSS: 9.9
Product: UniFi OS Server
Description: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
Impact: Remote code execution on the UniFi OS host device, potentially compromising all managed UniFi services.
Conditions: Network access and low-privilege authenticated access required.
Notes: This vulnerability affects the core UniFi OS server, which underpins multiple UniFi applications.
CVE-2026-55115 - Server-Side Request Forgery (Privilege Escalation)
Severity: Critical
CVSS: 9.9
Product: UniFi Protect Application
Description: A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
Impact: Privilege escalation on the host device through SSRF exploitation.
Conditions: Network access and low-privilege authenticated access required.
CVE-2026-54400 - Improper Access Control (Privilege Escalation)
Severity: Critical
CVSS: 9.1
Product: UniFi Access Application
Description: A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.
Impact: Privilege escalation on the host device beyond the initially granted access level.
Conditions: Network access and high-privilege authenticated access required.
CVE-2026-55116 - Improper Access Control (Unauthorised Changes)
Severity: Critical
CVSS: 9.0
Product: Dream Machines (certain devices running UniFi OS)
Description: A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorised changes to such UniFi OS devices.
Impact: Unauthorised configuration changes to UniFi OS devices, potentially allowing an attacker to alter network settings, access controls, or device behaviour.
Conditions: Network access and specific network configurations required.
Mitigation
Apply the latest firmware and software updates for all UniFi OS, Connect, Talk, Access, Protect, and Dream Machine devices immediately.
Restrict network access to UniFi management interfaces to trusted internal networks or VPN only.
Enforce strong authentication and MFA for all administrative accounts.
Review and minimise privilege levels for all authenticated users on UniFi applications.
Audit network configurations on Dream Machine devices to ensure access controls are properly configured.
Monitor logs for signs of exploitation attempts, including unusual SQL queries, SSRF requests, or command injection patterns.
Summary for IT Teams
Products: Ubiquiti UniFi OS, Connect, Talk, Access, Protect, and Dream Machines
Threat Level: Critical, CVSS up to 10.0
Action Required: Apply the latest vendor patches for all affected UniFi products immediately. Restrict network access to management interfaces, enforce MFA for all administrative accounts, and audit network configurations. Monitor systems for signs of exploitation.
Reference
Need help?
Please get in touch on 1300 769 460 or email us. We are here to help you strengthen your cybersecurity posture.
