Ubiquiti released a UniFi security advisory, Bulletin 066. It fixes 25 flaws in UniFi products. One bug in the UniFi Connect app scores a top mark of 10.0. Several more are critical. They allow command injection or let an attacker gain more access.
Why This UniFi Security Advisory Matters
UniFi gear runs in homes, offices, and data centers. Home users, small firms, and large sites all run this gear. Many units also sit at the network edge. They handle cameras, phones, and door access. So this UniFi security advisory hits a wide user base.
Protect runs video cameras. Access guards physical doors. A breach could leak footage or open a door. The worst bug needs no login at all. So a network attacker could take over a host with no account.
How the Attacks Work
The 25 issues fall into a few groups. Seven are critical, and the other 18 are high. Most need only network access, and many need low rights. A few need no login, which widens the threat.
Command Injection and RCE
CVE-2026-50746 hits the UniFi Connect app and scores 10.0. A network attacker could run code on the host with no login. A second bug, CVE-2026-54402, adds command injection to UniFi OS at 9.9.
SQL Injection and SSRF
Some bugs use SQL injection to gain more access. UniFi Talk, UniFi OS, and UniFi Protect each carry one. These need a valid login first. Even so, a low-level user could reach admin power. A server-side request forgery bug, CVE-2026-55115, hits UniFi Protect at 9.9.
Path Traversal and Auth Bypass
Other flaws skip the login check or read stray files. Notably, CVE-2026-54403 can be chained with other bugs. That trick drops the need for low-level access, so the risk grows.
Denial of Service and Camera Access
A few bugs hit uptime and cameras. CVE-2026-54405 can crash the UniFi Network app. Separately, CVE-2026-54409 can skip the login on UniFi Protect cameras.
Affected Products and Versions
The bulletin spans many UniFi lines. Here are the key fixed builds:
- UniFi Connect app: 3.4.20 or later
- UniFi Talk app: 5.2.2 or later
- UniFi Access app: 4.2.29 or later
- UniFi Network app: 10.4.57 or later
- UniFi Protect app: 7.1.83 or later
- UniFi OS devices: 5.1.19 or later
- UniFi Protect Floodlight: 1.13.6 or later
Patch and Mitigation
Update each affected UniFi product now. For the full device list and builds, read the official Ubiquiti advisory. Where you can, keep admin access on trusted networks only. That step adds a useful layer. Cloud-managed setups update on their own. Self-hosted servers, though, need a manual patch.
Exploitation Status
Ubiquiti thanks outside experts for the private reports. The advisory shows no active attacks and no public exploit. Still, the critical scores make fast patching wise. Attackers often study patches to build exploits, so delay adds risk.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.