Ubiquiti: Ubiquiti warns of new max severity UniFi OS vulnerability

Ubiquiti: Ubiquiti warns of new max severity UniFi OS vulnerability

Ubiquiti Patches Seven Critical Vulnerabilities in UniFi OS, Including Maximum-Severity Command Injection Flaw

Ubiquiti has released security updates to address seven critical vulnerabilities in its UniFi OS, including a maximum-severity command injection flaw tracked as CVE-2026-50746. The vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management suite for commercial building operations such as smart lighting and EV chargers. Exploiting this improper access control flaw could allow attackers with network access to execute arbitrary commands on the host device. Users are advised to update to version 3.4.20 or later to mitigate the risk.

In the same update, Ubiquiti patched six additional critical-severity vulnerabilities (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) impacting UniFi Talk, UniFi Access, UniFi Protect, UniFi OS Server, and various routers, gateways, NAS, and surveillance systems. Six of these flaws can be exploited in low-complexity attacks without user interaction, though Ubiquiti has not confirmed whether any were actively exploited prior to patching.

Security firm Censys reports over 100,000 internet-exposed UniFi OS instances, with nearly 50,000 located in the U.S. However, it remains unclear how many have been secured or are honeypots.

Ubiquiti devices have been frequent targets of state-sponsored and cybercriminal groups, often repurposed into botnets for malicious activity. In February 2024, the FBI dismantled Moobot, a botnet of Ubiquiti Edge OS routers used by Russia’s GRU for cyberespionage. In 2022, CISA added an actively exploited AirOS command injection flaw (CVE-2010-5330) to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch within three weeks. More recently, in June 2024, CISA warned of three actively exploited UniFi OS flaws, mandating remediation within three days. Security firm Bishop Fox later demonstrated how these vulnerabilities could be chained for remote code execution with elevated privileges, releasing a detection script to help identify vulnerable systems.

Source: https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-new-max-severity-unifi-os-vulnerability/

Ubiquiti Inc cybersecurity rating report: https://www.rankiteo.com/company/ubiquiti-inc

"id": "UBI1783499130",
"linkid": "ubiquiti-inc",
"type": "Vulnerability",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Users of UniFi OS, UniFi '
                                              'Connect, UniFi Talk, UniFi '
                                              'Access, UniFi Protect, routers, '
                                              'gateways, NAS, and surveillance '
                                              'systems',
                        'industry': 'Networking and IoT Devices',
                        'name': 'Ubiquiti',
                        'type': 'Company'}],
 'attack_vector': 'Network Access',
 'customer_advisories': 'Update UniFi OS devices to the latest firmware '
                        'versions to mitigate critical vulnerabilities.',
 'description': 'Ubiquiti has released security updates to address seven '
                'critical vulnerabilities in its UniFi OS, including a '
                'maximum-severity command injection flaw tracked as '
                'CVE-2026-50746. The vulnerability affects UniFi Connect '
                'Application (versions 3.4.16 and earlier), a management suite '
                'for commercial building operations such as smart lighting and '
                'EV chargers. Exploiting this improper access control flaw '
                'could allow attackers with network access to execute '
                'arbitrary commands on the host device. Users are advised to '
                'update to version 3.4.20 or later to mitigate the risk. '
                'Additionally, six other critical-severity vulnerabilities '
                'were patched, impacting UniFi Talk, UniFi Access, UniFi '
                'Protect, UniFi OS Server, and various routers, gateways, NAS, '
                'and surveillance systems.',
 'impact': {'brand_reputation_impact': 'Potential negative impact due to '
                                       'frequent targeting by threat actors',
            'operational_impact': 'Potential arbitrary command execution on '
                                  'host devices, remote code execution with '
                                  'elevated privileges',
            'systems_affected': 'UniFi OS instances, routers, gateways, NAS, '
                                'surveillance systems, UniFi Connect, UniFi '
                                'Talk, UniFi Access, UniFi Protect'},
 'investigation_status': 'Ongoing (patches released, exploitation status '
                         'unclear)',
 'lessons_learned': 'Ubiquiti devices are frequent targets of state-sponsored '
                    'and cybercriminal groups, often repurposed into botnets. '
                    'Proactive patching and monitoring are critical to '
                    'mitigate risks.',
 'motivation': ['Cyberespionage', 'Botnet Creation', 'Malicious Activity'],
 'post_incident_analysis': {'corrective_actions': ['Release of security '
                                                   'patches',
                                                   'Public disclosure and '
                                                   'advisories'],
                            'root_causes': ['Improper access control',
                                            'Low-complexity vulnerabilities '
                                            'exploitable without user '
                                            'interaction']},
 'recommendations': ['Update to the latest firmware versions (e.g., UniFi '
                     'Connect 3.4.20 or later).',
                     'Monitor for signs of exploitation or unauthorized '
                     'access.',
                     'Follow CISA guidelines for remediation of actively '
                     'exploited vulnerabilities.',
                     "Use detection scripts (e.g., Bishop Fox's script) to "
                     'identify vulnerable systems.'],
 'references': [{'source': 'Ubiquiti Security Advisory'},
                {'source': 'Censys Report'},
                {'source': 'Bishop Fox Research'},
                {'source': 'CISA Known Exploited Vulnerabilities Catalog'},
                {'source': 'FBI Moobot Botnet Dismantling'}],
 'regulatory_compliance': {'regulatory_notifications': ['CISA Known Exploited '
                                                        'Vulnerabilities '
                                                        'Catalog '
                                                        '(CVE-2010-5330, June '
                                                        '2024 '
                                                        'vulnerabilities)']},
 'response': {'communication_strategy': 'Public disclosure of vulnerabilities '
                                        'and patch availability',
              'containment_measures': 'Security updates released (version '
                                      '3.4.20 or later for UniFi Connect)',
              'remediation_measures': 'Patching vulnerable systems, updating '
                                      'to latest firmware versions'},
 'stakeholder_advisories': 'Users and organizations using Ubiquiti UniFi OS '
                           'devices are advised to apply patches immediately '
                           'and monitor for signs of compromise.',
 'threat_actor': ['State-sponsored groups',
                  'Cybercriminal groups',
                  'GRU (Russian Military Intelligence)'],
 'title': 'Ubiquiti Patches Seven Critical Vulnerabilities in UniFi OS, '
          'Including Maximum-Severity Command Injection Flaw',
 'type': ['Vulnerability Disclosure', 'Patch Release'],
 'vulnerability_exploited': ['CVE-2026-50746',
                             'CVE-2026-50747',
                             'CVE-2026-50748',
                             'CVE-2026-54400',
                             'CVE-2026-54402',
                             'CVE-2026-55115',
                             'CVE-2026-55116']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.