Threat Advisory

UniFi OS Vulnerabilities Expose Appliances to Unrestricted Instruction Abuse

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in UniFi OS, including seven critical flaws that allow command injection, SQL injection, improper input validation, SSRF vulnerability, CORS misconfiguration, unauthorized changes through an access control issue, and path traversal. Organizations using affected versions should update promptly to reduce compromise risks. The issues affect UniFi Connect Application versions 3.4.16 and earlier.

CVE-2026-50747 (CVSS 9.9): An authenticated SQL injection flaw affects UniFi Talk Application, enabling a low-privileged attacker to escalate privileges and gain control over the host device.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in UniFi OS, including seven critical flaws that allow command injection, SQL injection, improper input validation, SSRF vulnerability, CORS misconfiguration, unauthorized changes through an access control issue, and path traversal. Organizations using affected versions should update promptly to reduce compromise risks. The issues affect UniFi Connect Application versions 3.4.16 and earlier.

CVE-2026-50747 (CVSS 9.9): An authenticated SQL injection flaw affects UniFi Talk Application, enabling a low-privileged attacker to escalate privileges and gain control over the host device.[emaillocker id="1283"]

CVE-2026-50748 (CVSS 9.9): Improper input validation in UniFi Access Application allows a low-privileged attacker with network access to execute commands on the host device.

CVE-2026-54400 (CVSS 9.1): An improper access control vulnerability in UniFi Access Application allows high-privileged attackers to escalate privileges on affected systems.

CVE-2026-55116 (CVSS 9.0): An Unauthorized changes are possible through an improper access control issue under specific network conditions affecting certain UniFi OS devices.

RECOMMENDATION:

We recommend you to refer below link: https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu