INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Ubiquiti UniFi OS Vulnerability Exploit Possible
| 2026-07-08 20:20 CRITICAL LOWExecutive Summary AI-generated
The recent patching of critical vulnerabilities in Ubiquiti UniFi OS has significantly improved the security posture of various organizations, including those that rely on these systems for managing commercial building systems such as smart lighting and EV chargers. The release of security updates addressing seven major flaws, including a maximum-severity flaw with a CVSS score of 10.0, enables command injection attacks. This vulnerability affects UniFi Connect Application versions 3.4.16 and earlier, making it imperative for users to update affected products to the fixed versions listed in Security Advisory Bulletin 066. By addressing these critical vulnerabilities, Ubiquiti has mitigated potential risks associated with unauthorized access control issues, ensuring a more secure environment for its customers.
Technical Mitigations AI-generated
* Implement secure coding practices and input validation to prevent authenticated SQL injection flaws (CVE-2026-50747, CVE-2026-50748) in UniFi Talk Application.
* Use proper access control mechanisms to prevent improper access control vulnerabilities (CVE-2026-54400, CVE-2026-54402), such as secure authentication and authorization protocols.
* Regularly update and patch critical security issues (CVE-2026-55115, CVE-2026-55116) in UniFi OS devices and applications to ensure the latest security fixes are applied.
* Monitor network traffic for suspicious activity and implement intrusion detection systems or firewalls to prevent command injection attacks (CVE-2026-50746).
* Use secure communication protocols, such as HTTPS, when transmitting sensitive data between UniFi Connect Application and other components of the system.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-50746CVE-2026-50746
CVE-2026-54402CVE-2026-54402
CVE-2026-50747CVE-2026-50747
CVE-2026-55115CVE-2026-55115
CVE-2026-55116CVE-2026-55116
CVE-2026-54400CVE-2026-54400
CVE-2026-50748CVE-2026-50748
CVE-2010-5330CVE-2010-5330
Target & Sectors
NORTH_AMERICA
NORTH_AMERICA
governmentgovernment
Incident Timeline
April 2022
Threat actors exploited a previously unknown critical command injection flaw in Ubiquiti AirOS, allowing them to execute arbitrary commands and potentially escalate privileges.
Click on any entity below to view its context and source!
industry
Government
Four years earlier, in April 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added a critical command injection flaw (CVE-2010-5330) in Ubiquiti AirOS to its catalog of actively exploited flaws and
ordered government agencies
to patch their devices within three weeks.
vulnerability
CVE-2010-5330
Four years earlier, in April 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added a critical command injection flaw (CVE-2010-5330) in Ubiquiti AirOS to its catalog of actively exploited flaws and
ordered government agencies
to patch their devices within three weeks.
general_metric
5330 critical command injection flaw
Four years earlier, in April 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added a critical command injection flaw (CVE-2010-5330) in Ubiquiti AirOS to its catalog of actively exploited flaws and
ordered government agencies
to patch their devices within three weeks.
February 2024
Threat actors used a vulnerability in Ubiquiti Edge OS to compromise the system and exploit it for command injection and privilege escalation.
Click on any entity below to view its context and source!
target_region
Russian Federation
For instance, in February 2024, the
FBI dismantled Moobot
, a botnet of Ubiquiti Edge OS routers used by Russia's Main Intelligence Directorate of the General Staff (GRU)
to proxy malicious traffic
in cyberespionage attacks.
tactic
Botnet
For instance, in February 2024, the
FBI dismantled Moobot
, a botnet of Ubiquiti Edge OS routers used by Russia's Main Intelligence Directorate of the General Staff (GRU)
to proxy malicious traffic
in cyberespionage attacks.
attribution
FBI
For instance, in February 2024, the
FBI dismantled Moobot
, a botnet of Ubiquiti Edge OS routers used by Russia's Main Intelligence Directorate of the General Staff (GRU)
to proxy malicious traffic
in cyberespionage attacks.
attribution
Ubiquiti Edge OS
For instance, in February 2024, the
FBI dismantled Moobot
, a botnet of Ubiquiti Edge OS routers used by Russia's Main Intelligence Directorate of the General Staff (GRU)
to proxy malicious traffic
in cyberespionage attacks.
attribution
Main Intelligence Directorate
For instance, in February 2024, the
FBI dismantled Moobot
, a botnet of Ubiquiti Edge OS routers used by Russia's Main Intelligence Directorate of the General Staff (GRU)
to proxy malicious traffic
in cyberespionage attacks.
2026/07/08
Ubiquiti patched seven critical UniFi OS vulnerabilities, including a maximum-severity flaw that allows command injection attacks.
Click on any entity below to view its context and source!
organisation
UniFi OS
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation
Ubiquiti patched seven UniFi OS flaws, including critical CVE-2026-50746, which allows command injection in UniFi Connect Application.
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw tracked as
CVE-2026-50746
that can be exploited in command injection attacks.
organisation
UniFi Connect Application
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation
Ubiquiti patched seven UniFi OS flaws, including critical CVE-2026-50746, which allows command injection in UniFi Connect Application.
The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart LED lighting systems and electric vehicle chargers) via a single interface.
organisation
CVE-2026-54402
CVE-2026-54402 (CVSS score of 9.9)
: The vulnerability affects multiple
UniFi OS devices
and allows a low-privileged attacker with network access to exploit an SSRF vulnerability, potentially leading to privilege escalation within UniFi OS environments.
infrastructure
10.0
Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks.
organisation
UniFi
Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks.
Ubiquiti warns of new max severity UniFi OS vulnerability.
infrastructure
3.4.16
The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart LED lighting systems and electric vehicle chargers) via a single interface.
The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used to manage commercial building systems such as smart lighting and EV chargers.
organisation
UniFi Access
On Thursday,
Ubiquiti patched
six more critical-severity security issues (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) in the UniFi Talk, UniFi Access, and UniFi Protect applications, in the company's UniFi OS Server, and across a wide range of Ubiquiti routers, gateways, NAS, and surveillance systems.
organisation
UniFi Protect
On Thursday,
Ubiquiti patched
six more critical-severity security issues (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) in the UniFi Talk, UniFi Access, and UniFi Protect applications, in the company's UniFi OS Server, and across a wide range of Ubiquiti routers, gateways, NAS, and surveillance systems.
organisation
NAS
On Thursday,
Ubiquiti patched
six more critical-severity security issues (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) in the UniFi Talk, UniFi Access, and UniFi Protect applications, in the company's UniFi OS Server, and across a wide range of Ubiquiti routers, gateways, NAS, and surveillance systems.
organisation
UniFi Talk Application
The vendor also addressed thcritical vulnerabilities:
CVE-2026-50747 (CVSS score of 9.9)
: The vulnerability affects
UniFi Talk Application
and consists of authenticated SQL injection flaws.
organisation
SQL
The vendor also addressed thcritical vulnerabilities:
CVE-2026-50747 (CVSS score of 9.9)
: The vulnerability affects
UniFi Talk Application
and consists of authenticated SQL injection flaws.
organisation
CVE-2026-50748
CVE-2026-50748 (CVSS score of 9.9)
: The vulnerability affects
UniFi Access Application
and is caused by improper input validation.
organisation
UniFi Access Application
CVE-2026-50748 (CVSS score of 9.9)
: The vulnerability affects
UniFi Access Application
and is caused by improper input validation.
organisation
CVE-2026-55115
CVE-2026-55115 (CVSS score of 9.9)
: The vulnerability affects
UniFi OS/UniFi Protect environments
and is related to a CORS misconfiguration.
organisation
UniFi OS/UniFi Protect
CVE-2026-55115 (CVSS score of 9.9)
: The vulnerability affects
UniFi OS/UniFi Protect environments
and is related to a CORS misconfiguration.
organisation
EV
The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used to manage commercial building systems such as smart lighting and EV chargers.
organisation
CVE-2026-54400
CVE-2026-54400 (CVSS score of 9.1)
: The vulnerability affects
UniFi Access Application
and is caused by improper access control.
organisation
CVE-2026-55116
CVE-2026-55116 (CVSS score of 9.0)
: The vulnerability affects certain
UniFi OS devices
and allows unauthorized changes through an improper access control issue under specific network conditions.
organisation
Improper Access Control
“A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.”
reads the advisory
.
"A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device," Ubiquiti explained.
organisation
Security Advisory Bulletin
Ubiquiti recommends updating affected products to the fixed versions listed in Security Advisory Bulletin 066.
infrastructure
50,000 IP addresses
Threat intelligence company Censys now
tracks over 100,000 UniFi OS instances
exposed online, most of them (nearly 50,000 IP addresses) found in the United States.
infrastructure
3.4.20
The company advised users to update the impacted UniFi Connect app to version 3.4.20 or later to secure their systems against potential attacks.
organisation
EDR
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Tactical Metrics
Metrics
infrastructure
10.0
Software Version
Click for context!
Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks.
Metrics
infrastructure
3.4.16
Software Version
The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used to manage commercial building systems such as smart lighting and EV chargers.
The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart LED lighting systems and electric vehicle chargers) via a single interface.
Metrics
infrastructure
50,000
Ip Addresses
Threat intelligence company Censys now
tracks over 100,000 UniFi OS instances
exposed online, most of them (nearly 50,000 IP addresses) found in the United States.
Metrics
infrastructure
3.4.20
Software Version
The company advised users to update the impacted UniFi Connect app to version 3.4.20 or later to secure their systems against potential attacks.
Intelligence Sources
BleepingComputer
2026-07-08
Ubiquiti warns of new max severity UniFi OS vulnerability
BleepingComputer
Security Affairs
2026-07-08
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-07-09T06:02
Comprehensive Tactical Telemetry
Highly Correlated Entities
20x
organisation
Identified Entity
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation
entity
8x
vulnerability
Exploited CVE
CVE-2026-50746
cve
8x
attribution
Attributing Entity
the U.S. Cybersecurity and Infrastructure Security Agency
authority
4x
vulnerability
CVSS Score
10
score
3x
tactic
Cyber Operation Type
Privilege Escalation
tactic
3x
infrastructure
Software Version
10.0
version
2x
tactic
MITRE ATT&CK Technique
T1588.006 - Vulnerabilities
technique
2x
target region
Target Country
United States
country
2x
timeline
Temporal Reference
February 2024
date
2x
general metric
%
54
%
Contextual Telemetry
Context Block
5 METRICS
general metric
Security Advisory Bulletin
66
security advisory bulletin
general metric
Os Instances
100,000
os instances
infrastructure
Ip Addresses
50,000
ip addresses
industry
Targeted Sector
Government
sector
general metric
Critical Command Injection Flaw
5,330
critical command injection flaw
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.