Find notable cyber news and cases, enriched with sources, timelines, and signals.

UniFi Connect Application command injection (CVE-2026-50746)

Vulnerability
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2026-50746 leaves UniFi Connect Application exposed to command injection on the host device for deployments running 3.4.16 and earlier. Ubiquiti fixed the improper access control flaw in version 3.4.20. The weakness carries a CVSS 10.0 score and requires network access to exploit.

Timeline

  1. 08.07.2026 17:38 2 articles · 1d ago

    Ubiquiti ships UniFi Connect fix for CVE-2026-50746

    Mitigation Patch Update

    Ubiquiti shipped an update for UniFi Connect Application to address CVE-2026-50746, an improper access control flaw that could let an attacker with access to the network execute command injection on the host device. The vulnerability affected version 3.4.16 and earlier, and Ubiquiti fixed it in version 3.4.20.

    Show sources