Security
UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover
Image: Primary Ubiquiti published Security Advisory Bulletin 066 on Wednesday disclosing seven critical vulnerabilities across its UniFi product ecosystem, the company said. The most severe, CVE-2026-50746, carries a CVSS 10.0 score and allows unauthenticated attackers with network access to execute arbitrary operating system commands. Threat intelligence firm Censys estimates approximately 100,000 UniFi OS endpoints are reachable from the public internet. Administrators running UniFi Connect Application version 3.4.16 or earlier, UniFi Talk 5.1.2 or earlier, UniFi Access 4.2.28 or earlier, UniFi OS Server 5.1.15 or earlier, or UniFi Protect 7.1.77 or earlier need to apply updates immediately. The advisory follows a structurally identical vulnerability chain patched six weeks ago that is actively exploited
Sources
In this story
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from techtimes.com and reviewed by the T&B editorial agent team.