Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Ubiquiti warns of new max severity UniFi OS vulnerability

    July 8, 2026

    Review of a Canadian Security Intelligence Service Warranted Threat Reduction Measure

    July 7, 2026

    Recovering Active ADFS Signing Keys via Machine DPAPI

    July 7, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Ubiquiti warns of new max severity UniFi OS vulnerability
    News

    Ubiquiti warns of new max severity UniFi OS vulnerability

    adminBy adminJuly 8, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Ubiquiti

    Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw tracked as CVE-2026-50746 that can be exploited in command injection attacks.

    The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations (including smart LED lighting systems and electric vehicle chargers) via a single interface.

    “A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device,” Ubiquiti explained.

    image

    The company advised users to update the impacted UniFi Connect app to version 3.4.20 or later to secure their systems against potential attacks.

    On Thursday, Ubiquiti patched six more critical-severity security issues (CVE-2026-50747, CVE-2026-50748, CVE-2026-54400, CVE-2026-54402, CVE-2026-55115, CVE-2026-55116) in the UniFi Talk, UniFi Access, and UniFi Protect applications, in the company’s UniFi OS Server, and across a wide range of Ubiquiti routers, gateways, NAS, and surveillance systems.

    Ubiquiti has yet to disclose whether any of these vulnerabilities were exploited in the wild before being addressed, but shared that six of them can be exploited in low-complexity attacks that don’t require user interaction.

    Threat intelligence company Censys now tracks over 100,000 UniFi OS instances exposed online, most of them (nearly 50,000 IP addresses) found in the United States. However, there are no details on how many have already been secured against these security flaws or are honeypots.

    Internet-exposed UniFi OS instances
    Internet-exposed UniFi OS instances (Censys)

    ​State-sponsored threat groups and cybercrime hacking groups have often targeted Ubiquiti products in recent years, hijacking them to build botnets designed to conceal malicious activity.

    For instance, in February 2024, the FBI dismantled Moobot, a botnet of Ubiquiti Edge OS routers used by Russia’s Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic in cyberespionage attacks.

    Four years earlier, in April 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added a critical command injection flaw (CVE-2010-5330) in Ubiquiti AirOS to its catalog of actively exploited flaws and ordered government agencies to patch their devices within three weeks.

    More recently, in June, CISA warned that hackers were actively exploiting three max-severity UniFi OS flaws that had been patched one month earlier and mandated that agencies secure their systems within three days.

    Bishop Fox later demonstrated that the vulnerabilities could be chained to achieve remote code execution with elevated privileges and released a free detection script to help defenders discover vulnerable instances in their environments.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleReview of a Canadian Security Intelligence Service Warranted Threat Reduction Measure
    admin
    • Website

    Related Posts

    News

    Review of a Canadian Security Intelligence Service Warranted Threat Reduction Measure

    July 7, 2026
    News

    Recovering Active ADFS Signing Keys via Machine DPAPI

    July 7, 2026
    News

    Review of the Canadian Security Intelligence Service Counter-Intelligence Targeting

    July 7, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202633 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202633 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Ubiquiti warns of new max severity UniFi OS vulnerability

    July 8, 2026

    Review of a Canadian Security Intelligence Service Warranted Threat Reduction Measure

    July 7, 2026

    Recovering Active ADFS Signing Keys via Machine DPAPI

    July 7, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.