Multiple security vulnerabilities have been identified in UniFi products, including the UniFi Connect app, UniFi Talk app, UniFi Access app, UniFi Network app, UniFi Protect app, UniFi OS devices, and UniFi Protect Floodlight. These flaws pose a significant risk to users, allowing for command injection, SQL injection, server-side request forgery, path traversal, authentication bypass, denial of service, and camera access. The affected version range is not explicitly stated in the article.
CVE-2026-50746 (CVSS 10.0 — Critical): A network attacker could run code on the host with no login using this vulnerability that hits the UniFi Connect app.[/subscribe_to_unlock_form]
Multiple security vulnerabilities have been identified in UniFi products, including the UniFi Connect app, UniFi Talk app, UniFi Access app, UniFi Network app, UniFi Protect app, UniFi OS devices, and UniFi Protect Floodlight. These flaws pose a significant risk to users, allowing for command injection, SQL injection, server-side request forgery, path traversal, authentication bypass, denial of service, and camera access. The affected version range is not explicitly stated in the article.
CVE-2026-50746 (CVSS 10.0 — Critical): A network attacker could run code on the host with no login using this vulnerability that hits the UniFi Connect app.[emaillocker id="1283"]
CVE-2026-54402 (CVSS 9.9 — Critical): This bug adds command injection to UniFi OS, allowing a network attacker to run code on the host.
CVE-2026-55115 (CVSS 9.9 — Critical): A server-side request forgery bug hits UniFi Protect at this severity level, requiring a valid login first.
CVE-2026-54403 (CVSS 8.6 — High): This flaw can be chained with other bugs to drop the need for low-level access, increasing the risk.
CVE-2026-54405 (CVSS 7.5 — High): A denial of service bug can crash the UniFi Network app.
CVE-2026-54409 (CVSS 7.5 — High): An authentication bypass vulnerability affecting UniFi Protect cameras allows unauthorized users to access protected camera functionality without valid credentials.
We recommend you to update UniFi Profucts below version: UniFi Connect Application to version 3.4.20 or later. UniFi Talk Application to version 5.2.2 or later. UniFi Access Application to version 4.2.29 or later. UniFi Network Application to version 10.4.57 or later. UniFi Protect Application to version 7.1.83 or later. UniFi OS Devices to version 5.1.19 or later. UniFi Protect Floodlight to version 1.13.6 or later.
The following reports contain further technical details:
[/emaillocker]