UniFi Connect Application command injection (CVE-2026-50746)
VulnerabilityFirst reported
Last updated
Happening score
H score
37
Summary
Hide ▲
Show ▼
CVE-2026-50746 leaves UniFi Connect Application exposed to command injection on the host device for deployments running 3.4.16 and earlier. Ubiquiti fixed the improper access control flaw in version 3.4.20. The weakness carries a CVSS 10.0 score and requires network access to exploit.
Timeline
-
08.07.2026 17:38 2 articles · 1d ago
Ubiquiti ships UniFi Connect fix for CVE-2026-50746
Mitigation Patch UpdateUbiquiti shipped an update for UniFi Connect Application to address CVE-2026-50746, an improper access control flaw that could let an attacker with access to the network execute command injection on the host device. The vulnerability affected version 3.4.16 and earlier, and Ubiquiti fixed it in version 3.4.20.
Show sources
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS — thehackernews.com — 08.07.2026 17:38
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS — thehackernews.com — 08.07.2026 17:38