Ubiquiti has launched a safety replace that patches seven essential vulnerabilities in UniFi OS, together with a most severity flaw tracked as CVE-2026-50746 that may be exploited in command injection assaults.
The CVE-2026-50746 vulnerability impacts the UniFi Join utility (variations 3.4.16 and earlier), a administration software program suite that Ubiquiti clients can use to automate and handle business constructing operations (together with good LED lighting methods and electrical automobile chargers) by way of a single interface.
“A malicious attacker with community entry might exploit an improper entry management vulnerability discovered within the UniFi Join utility to carry out command injection on the host machine,” Ubiquiti defined.
The corporate suggested customers to replace affected UniFi Join apps to model 3.4.20 or later to guard their methods from potential assaults.
On Thursday, Ubiquiti introduced UniFi Discuss, UniFi Entry, and UniFi We’ve got patched six extra severity safety points in Defend: CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, and CVE-2026-55116. purposes, the corporate’s UniFi OS server, and a variety of Ubiquiti routers, gateways, NAS, and surveillance methods.
Ubiquiti has not but disclosed whether or not any of those vulnerabilities have been really exploited earlier than they have been addressed, however did share that six of them might be exploited in low-complexity assaults that don’t require consumer interplay.
Menace intelligence firm Censys at present tracks greater than 100,000 situations of UniFi OS uncovered on-line, most of which (roughly 50,000 IP addresses) are present in the US. Nevertheless, there are not any particulars on what number of are already protected against these safety flaws or if they’re honeypots.

State-sponsored risk teams and cybercrime hacking teams have often focused Ubiquiti merchandise lately, hijacking them to construct botnets designed to cover their malicious actions.
For instance, in February 2024, the FBI dismantled Moobot, a botnet of Ubiquiti Edge OS routers utilized by Russia’s Basic Workers Intelligence Directorate (GRU) to proxy malicious site visitors in cyberespionage assaults.
4 years in the past, in April 2022, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) additionally added the Ubiquiti AirOS essential command injection flaw (CVE-2010-5330) to its catalog of actively exploited flaws and ordered authorities companies to patch their units inside three weeks.
Extra just lately, in June, CISA warned that hackers have been actively exploiting the three highest-severity UniFi OS flaws that had been patched a month earlier, requiring authorities companies to safe their methods inside three days.
Bishop Fox has since demonstrated that the vulnerability might be chained to distant code execution with elevated privileges and launched a free detection script to assist defenders uncover susceptible situations of their environments.
Safety groups doc 54% of profitable assaults and difficulty a warning on solely 14%. The remaining strikes invisibly by way of the atmosphere.
Picus’ whitepaper exhibits tips on how to take a look at your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
