Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

July 14, 2026

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

July 14, 2026

Australian Cyber Agency Warns of Global CMS Exploitation Campaign

July 14, 2026
Facebook X (Twitter) Instagram
Tuesday, July 14
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
News

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Team-CWDBy Team-CWDJuly 14, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.

The list of vulnerabilities is as follows –

  • CVE-2026-50746 (CVSS score: 10.0) – An improper access control vulnerability in UniFi Connect Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
  • CVE-2026-50747 (CVSS score: 9.9) – A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
  • CVE-2026-50748 (CVSS score: 9.9) – An improper input validation vulnerability in UniFi Access Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
  • CVE-2026-54400 (CVSS score: 9.1) – An improper access control vulnerability in UniFi Access Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
  • CVE-2026-55115 (CVSS score: 9.9) – A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device. (Affects 7.1.77 and earlier; fixed in version 7.1.83)
  • CVE-2026-54402 (CVSS score: 9.9) – An improper input validation vulnerability in UniFi OS that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
  • CVE-2026-55116 (CVSS score: 9.0) – An improper access control vulnerability in UniFi OS that an attacker with access to the network could exploit to make unauthorized changes to certain devices. (Affects versions 5.1.15 and earlier; fixed in version 5.1.19)

While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.

Russian state-sponsored threat actors have also been observed enlisting compromised Ubiquiti Edge OS routers into a botnet designed to proxy malicious traffic. The botnet, dubbed MooBot, was felled in a law enforcement operation in February 2024.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleAustralian Cyber Agency Warns of Global CMS Exploitation Campaign
Next Article Pentagon Suspends CMMC Phase II Requirements for Defense Contractors
Team-CWD
  • Website

Related Posts

News

Pentagon Suspends CMMC Phase II Requirements for Defense Contractors

July 14, 2026
News

New MacOS Malware Exploits Legitimate Developer ID

July 14, 2026
News

SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

July 14, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Beware of Winter Olympics scams and other cyberthreats

February 2, 2026

Can password managers get hacked? Here’s what to know

November 14, 2025

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself

January 16, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.