{"id":287280,"date":"2026-07-08T10:38:00","date_gmt":"2026-07-08T14:38:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/ubiquiti-patches-critical-unifi-flaws-across-connect-talk-access-protect-and-os\/"},"modified":"2026-07-08T14:55:07","modified_gmt":"2026-07-08T18:55:07","slug":"ubiquiti-patches-critical-unifi-flaws-across-connect-talk-access-protect-and-os","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/ubiquiti-patches-critical-unifi-flaws-across-connect-talk-access-protect-and-os\/","title":{"rendered":"Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/ubiquiti-patches-critical-unifi-flaws.html\">Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/ubiquiti-patches-critical-unifi-flaws.html\">https:\/\/thehackernews.com\/2026\/07\/ubiquiti-patches-critical-unifi-flaws.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 10:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Jul 08, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<p>Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.<\/p>\n<p>The list of vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li><strong>CVE-2026-50746<\/strong> (CVSS score: 10.0) &#8211; An improper access control vulnerability in UniFi Connect Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 3.4.16 and earlier; fixed in version 3.4.20)<\/li>\n<li><strong>CVE-2026-50747<\/strong> (CVSS score: 9.9) &#8211; A series of authenticated SQL injection vulnerabilities in UniFi Talk Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 5.1.2 and earlier; fixed in version 5.2.2)<\/li>\n<li><strong>CVE-2026-50748<\/strong> (CVSS score: 9.9) &#8211; An improper input validation vulnerability in UniFi Access Application that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)<\/li>\n<li><strong>CVE-2026-54400<\/strong> (CVSS score: 9.1) &#8211; An improper access control vulnerability in UniFi Access Application that an attacker with access to the network could exploit to escalate privileges on the host device. (Affects versions 4.2.28 and earlier; fixed in version 4.2.29)<\/li>\n<li><strong>CVE-2026-55115<\/strong> (CVSS score: 9.9) &#8211; A Server-Side Request Forgery (SSRF) vulnerability in UniFi Protect Application that an attacker with access to the network and low privileges could exploit to escalate privileges on the host device. (Affects 7.1.77 and earlier; fixed in version 7.1.83)<\/li>\n<li><strong>CVE-2026-54402<\/strong> (CVSS score: 9.9) &#8211; An improper input validation vulnerability in UniFi OS that an attacker with access to the network could exploit to execute a command injection on the host device. (Affects versions 5.1.15 and earlier; fixed in&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/ubiquiti-patches-critical-unifi-flaws.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS https:\/\/thehackernews.com\/2026\/07\/ubiquiti-patches-critical-unifi-flaws.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287281,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgx2TRa1CP7yIs67Wa1bxiFVW5yq1S7vtAaQHf_htjuDbpAETKv8tfw7rchtVvME0FsA8YJ_uQzRp_ZAV-nPhLyRUQw_NNdgN0zhjyVR_L3wzt1ZX08PknwSF2FBLeieIUIx7t4hLMF1sDnsRuFCzllq8auoKriKlGMdllY8IYG04bID6cgGzty0e9mVhoM\/s1600\/uu.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,29,27],"class_list":["post-287280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287280"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287280"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287280\/revisions"}],"predecessor-version":[{"id":287282,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287280\/revisions\/287282"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287281"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}