Ubiquiti released patches for five critical vulnerabilities spanning its UniFi product ecosystem. The flaws affect UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. All vulnerabilities carry severe risk ratings, with at least one reaching a CVSS score of 10.0.
CVE-2026-50746, the highest-severity flaw, exists in UniFi Connect Application due to improper access control. This vulnerability allows attackers to escalate privileges and execute arbitrary commands on affected systems.
The vulnerabilities create substantial risk for organisations relying on Ubiquiti's unified management platform. UniFi products manage network infrastructure across access points, security cameras, and building access systems in enterprise environments. An attacker exploiting these flaws could gain administrative control over network devices, surveillance systems, and physical access infrastructure simultaneously.
The scope extends beyond a single product. UniFi Connect handles device provisioning and management, UniFi Talk provides VoIP functionality, UniFi Access controls door locks and physical security, UniFi Protect manages IP cameras, and UniFi OS serves as the underlying operating system. Exploitation of these vulnerabilities could compromise all these functions across a single organisation.
Ubiquiti has shipped patches to address the reported issues. Organisations using affected UniFi products should prioritise applying updates immediately. The combination of privilege escalation and arbitrary command execution capabilities makes these vulnerabilities particularly dangerous. An attacker gaining access to one UniFi instance could potentially pivot to control an organisation's entire infrastructure stack.
Administrators should check Ubiquiti's security advisories for specific version numbers and patch availability across their deployed UniFi products. Network isolation and access controls should be reviewed while patches are being deployed, particularly for systems managing physical security or critical network functions. The universal CVSS rating across these fl
