# UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover

_Friday, July 10, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover — Primary](https://d.techtimes.com/en/full/468256/unifi.png)

Ubiquiti published Security Advisory Bulletin 066 on Wednesday disclosing seven critical vulnerabilities across its UniFi product ecosystem, the company said. The most severe, CVE-2026-50746, carries a CVSS 10.0 score and allows unauthenticated attackers with network access to execute arbitrary operating system commands. Threat intelligence firm Censys estimates approximately 100,000 UniFi OS endpoints are reachable from the public internet. Administrators running UniFi Connect Application version 3.4.16 or earlier, UniFi Talk 5.1.2 or earlier, UniFi Access 4.2.28 or earlier, UniFi OS Server 5.1.15 or earlier, or UniFi Protect 7.1.77 or earlier need to apply updates immediately. The advisory follows a structurally identical vulnerability chain patched six weeks ago that is actively exploited by a Mirai variant botnet and was added to CISA's Known Exploited Vulnerabilities catalog on June 23. Ubiquiti has now issued three critical security advisories for UniFi OS products since May 21. The six companion flaws include CVE-2026-50747 and CVE-2026-50748, both rated CVSS 9.9, affecting UniFi Talk and UniFi Access respectively. Additional critical vulnerabilities affect UniFi OS Server and UniFi Protect. Ubiquiti also flagged CVE-2026-54403, a path traversal flaw rated CVSS 8.6, that can be chained with other vulnerabilities to bypass authentication requirements. Fixed versions are available for all affected products.

## Sources

- [techtimes.com](https://www.techtimes.com/articles/319919/20260708/unifi-cvss-100-flaw-exposes-100000-endpoints-unauthenticated-takeover.htm)

---
Canonical: https://techandbusiness.org/newswire/A9KxU337ELsycETkol5hwr
Retrieved: 2026-07-10T08:52:05.985Z
Publisher: Tech & Business (techandbusiness.org)
