🔴 Critical  |  Source: The Hacker News


Ubiquiti has released patches addressing multiple critical vulnerabilities across its UniFi product suite, including Connect, Talk, Access, Protect, and OS. The most severe flaw, CVE-2026-50746, carries a perfect CVSS score of 10.0 and involves improper access control in UniFi Connect. Successful exploitation could allow attackers to escalate privileges or execute arbitrary commands on affected devices.

Security Architect’s Take: Prioritise immediate patching of all UniFi devices across your estate — a CVSS 10.0 with privilege escalation and command execution potential means these are effectively pre-auth or low-barrier takeover risks. Audit your network segmentation to ensure UniFi management interfaces are not exposed to untrusted networks or the public internet whilst patching is in progress.

Original advisory: Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS