{"id":287336,"date":"2026-07-08T17:11:00","date_gmt":"2026-07-08T21:11:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation\/"},"modified":"2026-07-08T17:50:11","modified_gmt":"2026-07-08T21:50:11","slug":"ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/08\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation\/","title":{"rendered":"Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/194978\/security\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation.html\">Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/194978\/security\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation.html\">https:\/\/securityaffairs.com\/194978\/security\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-08 17:11:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> July 08, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2021\/01\/Ubiquiti-Logo.png?fit=705%2C533&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Ubiquiti patched seven UniFi OS flaws, including critical CVE-2026-50746, which allows command injection in UniFi Connect Application.<\/h2>\n<p class=\"wp-block-paragraph\">Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks. <\/p>\n<p class=\"wp-block-paragraph\">The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used to manage commercial building systems such as smart lighting and EV chargers. Organizations using affected versions should update promptly to reduce compromise risks.<\/p>\n<p class=\"wp-block-paragraph\">\u201cA malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.\u201d reads the advisory.<\/p>\n<p class=\"wp-block-paragraph\">The vendor also addressed thcritical vulnerabilities:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>CVE-2026-50747 (CVSS score of 9.9)<\/strong>: The vulnerability affects <strong>UniFi Talk Application<\/strong> and consists of authenticated SQL injection flaws. A low-privileged attacker with network access can exploit the issue to escalate privileges and gain greater control over the host device. <\/li>\n<li><strong>CVE-2026-50748 (CVSS score of 9.9)<\/strong>: The vulnerability affects <strong>UniFi Access Application<\/strong> and is caused by improper input validation. A low-privileged attacker with network access can exploit the flaw to execute commands on the host device. <\/li>\n<li><strong>CVE-2026-54400 (CVSS score of 9.1)<\/strong>: The vulnerability affects <strong>UniFi Access Application<\/strong> and is caused by improper access control. A high-privileged attacker can exploit it to escalate privileges on the affected host device. <\/li>\n<li><strong>CVE-2026-54402 (CVSS score of 9.9)<\/strong>: The vulnerability affects multiple <strong>UniFi OS devices<\/strong> and allows a low-privileged attacker with network access to exploit an SSRF vulnerability,&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/securityaffairs.com\/194978\/security\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation https:\/\/securityaffairs.com\/194978\/security\/ubiquiti-patches-critical-unifi-os-flaws-allowing-command-injection-and-privilege-escalation.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":287337,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2021\/01\/Ubiquiti-Logo.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-287336","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287336"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=287336"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287336\/revisions"}],"predecessor-version":[{"id":287338,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/287336\/revisions\/287338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/287337"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=287336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=287336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=287336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}