// Blog / News

Ubiquiti just patched 7 critical UniFi flaws: what to do if you run UniFi

Share

Ubiquiti has released fixes for seven critical vulnerabilities across its UniFi platform, including one rated the maximum 10 out of 10. None are confirmed exploited yet, but UniFi has become a repeat target this year, so if you run UniFi gear, treat this as a patch-now moment.

What happened

In a security advisory this week, Ubiquiti disclosed and patched seven critical flaws affecting UniFi products including UniFi Connect, Talk, Access, Protect, and the underlying UniFi OS. The most severe, tracked as CVE-2026-50746 with a maximum CVSS score of 10.0, is an access-control flaw in the UniFi Connect application (version 3.4.16 and earlier) that lets an attacker already on the network run commands directly on the device. The fix is to update UniFi Connect to version 3.4.20 or later, along with the latest updates for the other affected products.

What makes the batch notable is that six of the seven can be exploited in low-complexity attacks that need no user interaction. In plain terms, once an attacker can reach the device on your network, there is little standing in their way.

Why this matters for a small business

This is the second serious UniFi advisory in a matter of weeks. Last month, as we wrote at the time, CISA confirmed that attackers were actively exploiting three maximum-severity UniFi OS flaws that had been patched roughly a month earlier. That is the pattern worth internalizing:

  • A patch only protects you once you apply it. The dangerous window is the gap between a fix being released and you actually installing it, and attackers reverse-engineer patches quickly to attack the businesses that are slow.
  • UniFi runs important things. These devices are often the network, the cameras, the door access, and the phones for a small business, so control of them is control of a lot.
  • Popular kit is a popular target. UniFi is widely used by small businesses precisely because it is good value, which also makes it worth an attacker's time to find flaws in.

What to do

  • Update now. Get UniFi Connect to 3.4.20 or later, and apply the latest available updates across your UniFi OS and any Talk, Access, or Protect applications you run.
  • Turn on automatic updates where it is sensible to do so, so the patch window closes on its own.
  • Do not expose UniFi management to the internet. Remote management should be reached through secure, controlled access, not left open.
  • If you are not sure what you are running, have someone check your versions. "We think it updates itself" is not the same as knowing.

Sources:Ubiquiti, Security Advisory Bulletin 066BleepingComputer, Ubiquiti warns of new max severity UniFi OS vulnerability

Not sure your UniFi gear is up to date?

Talk to us

Related