Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Ubiquiti Exposes 25 Critical UniFi Security Flaws

Ubiquiti Exposes 25 Critical UniFi Security Flaws

Posted on July 7, 2026 By CWS

In a recent security advisory, Ubiquiti has announced the discovery of 25 vulnerabilities within its UniFi ecosystem. These issues, detailed in Security Advisory Bulletin 066, include several critical vulnerabilities with CVSS v3.1 scores of 9.9 and 10.0, posing significant risks of network-based attacks allowing complete device compromise.

Key Vulnerabilities Identified

The vulnerabilities affect a range of UniFi products, including Connect, Talk, Access, Protect, and Network Applications, as well as the core UniFi OS platform utilized by UDM, UNVR, and UNAS device families. Last month, Ubiquiti addressed critical vulnerabilities that allowed remote privilege escalation on the UniFi OS platform.

Among the most severe issues is CVE-2026-50746, receiving a maximum score of 10.0. This flaw involves improper access control in the UniFi Connect Application (version 3.4.16 and before), allowing unauthenticated attackers on the network to execute command injections. Other critical vulnerabilities, such as CVE-2026-50747 and CVE-2026-50748, involve SQL injection and command injection in UniFi Talk and Access, respectively, both scored at 9.9.

Impact on UniFi Products

Additional significant bugs include CVE-2026-54402, a command injection vulnerability in the UniFi OS, and CVE-2026-55115, which involves SSRF-driven privilege escalation in UniFi Protect, both rated at 9.9. Another notable vulnerability is CVE-2026-55116, an improper access control issue with a score of 9.0, which impacts UDM, UDM-Pro, UDM-SE, and related gateway hardware, allowing unauthorized configuration changes.

High-severity vulnerabilities also include CVE-2026-54403, a path traversal issue rated 8.6, and CVE-2026-54404, which exploits authenticated SQL injection. These vulnerabilities could be combined to bypass low-privilege access requirements.

Mitigation and Future Outlook

Ubiquiti has released updates for all affected products, urging administrators to apply these patches immediately. The fixed versions address vulnerabilities across various applications, including UniFi Connect, Talk, Access, Network Application, and Protect.

The advisory credits numerous independent security researchers for uncovering these vulnerabilities, highlighting the collaborative effort to enhance the security of UniFi products. With no interim workarounds available, organizations using affected hardware are advised to prioritize firmware updates to safeguard their networks against potential exploitation.

As security threats continue to evolve, maintaining up-to-date systems remains crucial for protecting organizational networks from cyber threats. Ubiquiti’s proactive disclosure and patching of these vulnerabilities underscore the importance of vigilance and timely response in cybersecurity.

Cyber Security News Tags:critical flaws, CVE, CVSS, Cybersecurity, Information Security, IT security, network protection, network security, patch release, security advisory, security vulnerabilities, software update, technology news, Ubiquiti, UniFi

Post navigation

Previous Post: Phishing Campaign Exploits AnyDesk for Espionage
Next Post: Cyber Espionage Campaign Targets Ukraine with RDP and WinRAR Exploits

Related Posts

Researchers Uncovered on How Russia Leverages Private Companies, Hacktivist to Strengthen Cyber Capabilities Researchers Uncovered on How Russia Leverages Private Companies, Hacktivist to Strengthen Cyber Capabilities Cyber Security News
New TAOTH Campaign Exploits End-of-Support Software to Distribute Malware and Collect Sensitive Data New TAOTH Campaign Exploits End-of-Support Software to Distribute Malware and Collect Sensitive Data Cyber Security News
Hackers Abuse Microsoft 365’s Direct Send Feature to Deliver Internal Phishing Attacks Hackers Abuse Microsoft 365’s Direct Send Feature to Deliver Internal Phishing Attacks Cyber Security News
Ghost SPN Attack Evades Detection in Cybersecurity Ghost SPN Attack Evades Detection in Cybersecurity Cyber Security News
Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks Infostealer Malware is Being Exploited by APT Groups for Targeted Attacks Cyber Security News
Cybercriminals Exploit PowerShell for Sophisticated Phishing Attacks Cybercriminals Exploit PowerShell for Sophisticated Phishing Attacks Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Cyber Espionage Campaign Targets Ukraine with RDP and WinRAR Exploits
  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Cyber Espionage Campaign Targets Ukraine with RDP and WinRAR Exploits
  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark