Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
The list of vulnerabilities is as follows -
- CVE-2026-50746 (CVSS score: 10.0) - An improper access control vulnerability in UniFi Connect Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 3.4.16 and earlier; fixed in version 3.4.20)
- CVE-2026-50747 (CVSS score: 9.9) - A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 5.1.2 and earlier; fixed in version 5.2.2)
- CVE-2026-50748 (CVSS score: 9.9) - An improper input validation vulnerability in UniFi Access Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
- CVE-2026-54400 (CVSS score: 9.1) - An improper access control vulnerability in UniFi Access Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)
- CVE-2026-55115 (CVSS score: 9.9) - A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device. (Affects 7.1.77 and earlier; fixed in version 7.1.83)
- CVE-2026-54402 (CVSS score: 9.9) - An improper input validation vulnerability in UniFi OS that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
- CVE-2026-55116 (CVSS score: 9.0) - An improper access control vulnerability in UniFi OS that an attacker with access to the network could exploit to make unauthorized changes to certain devices. (Affects versions 5.1.15 and earlier; fixed in version 5.1.19)
While there is no evidence that the flaws have been exploited in the wild, a set of three vulnerabilities in UniFi OS (CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910) was flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as having been weaponized in real-world attacks last month.
Russian state-sponsored threat actors have also been observed enlisting compromised Ubiquiti Edge OS routers into a botnet designed to proxy malicious traffic. The botnet, dubbed MooBot, was felled in a law enforcement operation in February 2024.




