Updated
Updated · Tech Times · Jul 8
Ubiquiti Discloses CVSS 10.0 UniFi Flaw Exposing 100,000 Endpoints
Updated
Updated · Tech Times · Jul 8

Ubiquiti Discloses CVSS 10.0 UniFi Flaw Exposing 100,000 Endpoints

3 articles · Updated · Tech Times · Jul 8

Summary

  • Seven critical bugs in Ubiquiti's SAB-066 include CVE-2026-50746, a CVSS 10.0 flaw in UniFi Connect that lets anyone with network access run arbitrary OS commands without credentials.
  • About 100,000 UniFi OS endpoints are reachable from the public internet, Censys said, sharply widening the patch window for Connect 3.4.16 and earlier and other affected UniFi products.
  • Six companion flaws rated 9.0 to 9.9 hit UniFi Talk, Access, Protect and OS Server, and Ubiquiti said one path-traversal bug can help bypass low-privilege requirements in some attack chains.
  • The disclosure follows a separate UniFi bug chain patched six weeks ago that CISA added to its exploited-vulnerabilities list on June 23 after Mirai-variant attacks, underscoring pressure to patch immediately and remove public-facing management access.

Insights

After so many critical flaws, is Ubiquiti's core security architecture fundamentally broken?
Your UniFi network is patched, but are attackers still hiding inside your system?