Ubiquiti Patches Seven Critical UniFi Flaws Enabling RCE and Privilege Escalation
Ubiquiti released security updates addressing seven critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS products that allow network-adjacent attackers to execute commands and escalate privileges.
Attack Brief
TargetUbiquiti UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, UniFi OSVectorImproper access control, command injection, SQL injection, input validation bypass, SSRF
Technical Details
CVE IDsCVE-2026-50746CVE-2026-50747CVE-2026-50748CVE-2026-54400CVE-2026-55115CVE-2026-54402CVE-2026-55116MITRE ATT&CKT1548T1059T1190AffectedUniFi Connect ≤3.4.16 (fixed 3.4.20); UniFi Talk ≤5.1.2 (fixed 5.2.2); UniFi Access ≤4.2.28 (fixed 4.2.29); UniFi Protect ≤7.1.77 (fixed 7.1.83); UniFi OS ≤5.1.15 (fixed 5.1.19)
Impact
Confirmed DamageNo evidence of active exploitation; however, prior UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) were weaponized in real-world attacks and flagged by CISA
Context
Previous CampaignsRussian state-sponsored threat actors previously compromised Ubiquiti Edge OS routers and enlisted them into MooBot botnet for malicious traffic proxying; botnet disrupted by law enforcement in February 2024