Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Ubiquiti Addresses Critical Security Flaws in UniFi Systems

Ubiquiti Addresses Critical Security Flaws in UniFi Systems

Posted on July 8, 2026 By CWS

Ubiquiti has released updates to fix several critical security vulnerabilities affecting its UniFi product line, including Connect, Talk, Access, Protect, and OS. These vulnerabilities, if exploited, could lead to privilege escalation and arbitrary command execution on affected systems.

Details of the Security Vulnerabilities

The critical vulnerabilities include CVE-2026-50746, an improper access control issue in the UniFi Connect Application, allowing network-accessible attackers to perform command injections. This flaw affects versions up to 3.4.16 and is resolved in version 3.4.20.

Another significant flaw, CVE-2026-50747, involves a series of authenticated SQL injection vulnerabilities in UniFi Talk, potentially leading to privilege escalation. This issue is present in versions 5.1.2 and earlier, with a fix available in version 5.2.2.

Additional Vulnerabilities and Fixes

Further vulnerabilities include CVE-2026-50748 and CVE-2026-54400 in UniFi Access, affecting versions 4.2.28 and earlier. These could allow for command injections and privilege escalation, respectively, and have been patched in version 4.2.29.

In UniFi Protect, CVE-2026-55115, a Server-Side Request Forgery (SSRF) vulnerability, could be used by attackers with low privileges to gain elevated access. This has been addressed in version 7.1.83. Additionally, two issues in UniFi OS, CVE-2026-54402 and CVE-2026-55116, have been patched in version 5.1.19.

Implications and Past Exploitations

While there are no indications that these specific vulnerabilities have been exploited in the wild, previous vulnerabilities in UniFi OS were reportedly used in real-world attacks, as noted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This highlights the importance of timely updates.

Moreover, Russian state-sponsored actors have been linked to the use of compromised Ubiquiti Edge OS routers in a botnet operation known as MooBot, which was dismantled in a 2024 enforcement action.

Ubiquiti’s prompt response in addressing these vulnerabilities underscores the critical need for users to apply updates to maintain network security and protect against potential threats.

The Hacker News Tags:CISA, command injection, critical security, CVE, Cybersecurity, network security, privilege escalation, software update, SQL injection, SSRF, Threat Actors, Ubiquiti, UniFi, UniFi OS, vulnerability patch

Post navigation

Previous Post: Details Emerge for SharePoint RCE Vulnerability Exploit
Next Post: AI Vulnerability Turns Claude Desktop into Remote Code Threat

Related Posts

FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering FBI Warns of Scattered Spider’s Expanding Attacks on Airlines Using Social Engineering The Hacker News
Empower Users and Protect Against GenAI Data Loss Empower Users and Protect Against GenAI Data Loss The Hacker News
WhatsApp Warns 200 Users of Fake iOS App Spyware WhatsApp Warns 200 Users of Fake iOS App Spyware The Hacker News
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises The Hacker News
Early Cyber Weapon ‘fast16’ Revealed by Researchers Early Cyber Weapon ‘fast16’ Revealed by Researchers The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ghost Phishing Unveils Security Gaps in Email Protection
  • AI Vulnerability Turns Claude Desktop into Remote Code Threat
  • Ubiquiti Addresses Critical Security Flaws in UniFi Systems
  • Details Emerge for SharePoint RCE Vulnerability Exploit
  • Understanding Email Security Failures: Join Our Webinar

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ghost Phishing Unveils Security Gaps in Email Protection
  • AI Vulnerability Turns Claude Desktop into Remote Code Threat
  • Ubiquiti Addresses Critical Security Flaws in UniFi Systems
  • Details Emerge for SharePoint RCE Vulnerability Exploit
  • Understanding Email Security Failures: Join Our Webinar

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark