Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS
Ubiquiti released urgent patches for critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS, addressing risks of privilege escalation and arbitrary command execution. High-severity flaws include a CVSS 10.0 command injection in UniFi Connect, authenticated SQL injection in UniFi Talk, and SSRF in UniFi Protect, all fixable via immediate software updates. Although these specific flaws show no active exploitation, CISA flagged related UniFi OS vulnerabilities as weaponized in
Analysis
TL;DR
- Ubiquiti released urgent patches for critical vulnerabilities across UniFi Connect, Talk, Access, Protect, and OS, addressing risks of privilege escalation and arbitrary command execution.
- High-severity flaws include a CVSS 10.0 command injection in UniFi Connect, authenticated SQL injection in UniFi Talk, and SSRF in UniFi Protect, all fixable via immediate software updates.
- Although these specific flaws show no active exploitation, CISA flagged related UniFi OS vulnerabilities as weaponized in the wild, and historical context includes Russian state-sponsored actors using compromised hardware for botnets.
Why It Matters
This update is critical for organizations relying on Ubiquiti’s ecosystem for network infrastructure, as unpatched systems are susceptible to complete compromise through command injection and privilege escalation. The presence of weaponized vulnerabilities in similar components highlights an active threat landscape where IoT and networking gear are increasingly targeted by sophisticated actors, necessitating immediate remediation to prevent lateral movement within corporate networks.
Technical Details
- UniFi Connect (CVE-2026-50746): Improper access control allowing command injection; CVSS 10.0. Fixed in version 3.4.20.
- UniFi Talk (CVE-2026-50747): Authenticated SQL injection leading to privilege escalation; CVSS 9.9. Fixed in version 5.2.2.
- UniFi Access (CVE-2026-50748 & CVE-2026-54400): Command injection via improper input validation (CVSS 9.9) and privilege escalation via improper access control (CVSS 9.1). Both fixed in version 4.2.29.
- UniFi Protect (CVE-2026-55115): SSRF allowing low-privilege users to escalate privileges; CVSS 9.9. Fixed in version 7.1.83.
- UniFi OS (CVE-2026-54402 & CVE-2026-55116): Command injection via input validation errors (CVSS 9.9) and unauthorized device changes via access control flaws (CVSS 9.0). Both fixed in version 5.1.19.
Industry Insight
- Immediate Patching Priority: Administrators must prioritize updating all UniFi components to the specified versions, as the high CVSS scores indicate easy exploitability for attackers with network access.
- Supply Chain Vigilance: The reference to CISA-flagged weaponized vulnerabilities suggests that attackers are actively probing for known weaknesses in popular networking hardware; maintaining strict version control and monitoring for new CVEs is essential.
- Network Segmentation: Given the risk of privilege escalation from low-privilege accounts, enforcing strict network segmentation between IoT devices and core infrastructure remains a vital defense-in-depth strategy.
Disclaimer: The above content is generated by AI and is for reference only.