Ubiquiti Discloses 25 Security Flaws Across UniFi Ecosystem

Related

AirDrop and Quick Share Flaws Allow Attackers to Crash Nearby Devices

What happened Security researchers disclosed multiple vulnerabilities affecting Apple AirDrop...

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

What happened Threat actors are exploiting a critical Langflow vulnerability...

BlueHammer Microsoft Defender Flaw Exploited in Ransomware Attacks

What happened CISA updated its Known Exploited Vulnerabilities catalog to...

Critical Dell Wyse Vulnerabilities Enable Remote Code Execution

What happened Dell Technologies released a critical security advisory for...

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

What happened The National Association of Insurance Commissioners confirmed it...

Share

What happened

Ubiquiti disclosed 25 security vulnerabilities affecting products across the UniFi ecosystem, including UniFi Connect, Talk, Access, Protect, Network Application, and UniFi OS running on UDM, UNVR, and UNAS device families. Several of the flaws are critical, with CVSS scores reaching 9.9 and 10.0, and some could allow network-based attackers to fully compromise affected devices.

The most severe issue is CVE-2026-50746, a 10.0-rated improper access control flaw in UniFi Connect Application 3.4.16 and earlier. It can allow a network-adjacent attacker to execute command injection without authentication. Other critical issues include CVE-2026-50747 in UniFi Talk, CVE-2026-50748 and CVE-2026-54400 in UniFi Access, CVE-2026-54402 in UniFi OS, CVE-2026-55115 in UniFi Protect, and CVE-2026-55116 affecting UDM and related gateway hardware.

Several high-severity flaws can also support chained attacks. CVE-2026-54403, a path traversal issue in UniFi OS, was flagged as chainable with other bugs to bypass low-privilege access requirements. UniFi Protect also had multiple high-impact findings, including authentication bypass issues affecting API endpoints and data streaming, as well as a SQL injection flaw that can enable privilege escalation on the host device.

Fixed versions are available across the affected product lines. Administrators are advised to update UniFi Connect to 3.4.20 or later, Talk to 5.2.2 or later, Access to 4.2.29 or later, Network Application to 10.4.57 or later, Protect to 7.1.83 or later, Protect Floodlight to 1.13.6 or later, and UniFi OS on affected UDM, UNVR, and UNAS devices to 5.1.19 or later. No interim workarounds were listed for the 25 vulnerabilities.

Who is affected

Organizations using affected UniFi products are directly affected, especially if those systems are reachable by untrusted users or exposed on networks where attackers can reach management services.

The risk applies to UniFi Connect, Talk, Access, Protect, Network Application, Protect Floodlight, and UniFi OS deployments across UDM, UNVR, and UNAS hardware families.

Small businesses, schools, branch offices, retail environments, managed service providers, and organizations using UniFi for networking, access control, voice, cameras, and device management should prioritize review and patching.

Why CISOs should care

This disclosure matters because UniFi products often sit close to physical access, surveillance, network control, and administrative workflows. Compromise of these systems can create both cyber and operational risk.

For CISOs, the mix of unauthenticated command injection, SQL injection, authentication bypass, SSRF, path traversal, and privilege escalation is especially important. These are not isolated low-impact bugs; several can enable full control of affected systems.

The chainable flaw in UniFi OS also raises the risk. Even vulnerabilities that appear to require low privileges may become more serious when paired with another weakness that helps attackers bypass that requirement.

The lack of interim workarounds means patching is the main path to risk reduction. Organizations should not wait for a routine maintenance cycle if exposed UniFi systems manage critical network, access, or surveillance functions.

3 practical actions

  1. Update affected UniFi products immediately: Apply the fixed versions across UniFi Connect, Talk, Access, Network Application, Protect, Protect Floodlight, and UniFi OS. Prioritize internet-facing or broadly reachable management interfaces first.
  2. Restrict access to UniFi management services: Limit access to trusted admin networks, VPNs, or management VLANs. UniFi management interfaces should not be reachable from general user networks or the public internet unless absolutely necessary.
  3. Review logs and configuration changes: Because several flaws can enable privilege escalation, command injection, authentication bypass, or unauthorized configuration changes, security teams should review admin activity, API access, new accounts, changed device settings, and unusual outbound traffic from UniFi devices.
IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.