AI WATCH MENA
Intelligence

Ubiquiti Patches Maximum-Severity UniFi Flaw Exposing 100,000 Devices

Ubiquiti has patched 25 vulnerabilities across its UniFi ecosystem, including a maximum-severity flaw that lets an unauthenticated attacker execute commands on the host with no credentials required. Roughly 100,000 UniFi endpoints are reachable from the public internet.

By AI Watch MENA Staff · July 9, 2026
Ubiquiti Patches Maximum-Severity UniFi Flaw Exposing 100,000 Devices

Key Takeaways

Ubiquiti has disclosed 25 security vulnerabilities across its UniFi product ecosystem, and the most severe of them clears every threshold that makes a flaw genuinely urgent: no authentication required, no user interaction, low attack complexity, and full compromise of the host device.

The flaw, tracked as CVE-2026-50746, carries a perfect CVSS score of 10.0. It sits in the UniFi Connect Application, the interface Ubiquiti customers use to manage commercial building systems such as smart lighting and electric vehicle charging infrastructure, and stems from improper access control that lets an attacker with only network reachability execute arbitrary operating system commands on the host. Ubiquiti has not published the specific technical mechanism behind the flaw, so the immediate priority is patching rather than analysis. Any organisation running UniFi Connect Application version 3.4.16 or earlier should update to 3.4.20 or later without delay.

The disclosure, published under Ubiquiti's Security Advisory Bulletin 066, does not stop at one flaw. Six additional critical vulnerabilities were patched alongside it. CVE-2026-50747, rated 9.9, is a set of authenticated SQL injection flaws in UniFi Talk that let a low-privileged attacker escalate to full host control. CVE-2026-50748, also 9.9, is a command injection flaw in UniFi Access exploitable with only low privileges. CVE-2026-54402, rated 9.9, is an SSRF vulnerability affecting UniFi OS Server that similarly allows privilege escalation with minimal starting access. CVE-2026-55115, rated 9.9, is a server-side request forgery flaw in UniFi Protect. CVE-2026-54400, rated 9.1, is an access control flaw in UniFi Access exploitable by a higher-privileged attacker. CVE-2026-55116, rated 9.0, allows unauthorised configuration changes on affected UniFi OS devices. Beyond the seven critical issues, the bulletin lists a further set of high-severity flaws, including path traversal, authentication bypass, and additional SQL injection issues, some of which Ubiquiti explicitly warns can be chained together to bypass low-privilege access requirements entirely.

What makes this disclosure particularly worth prioritising is scale of exposure rather than novelty of technique. Threat intelligence firm Censys estimates roughly 100,000 UniFi OS endpoints are currently reachable from the public internet, a substantial population of devices sitting exposed while patches roll out. UniFi hardware runs the networking, WiFi, physical security, and access control infrastructure behind a very large number of small and medium enterprises, hospitality venues, and retail locations, environments where a single internet-facing management interface can become the entry point into an entire site's network.

There is also recent precedent that argues against treating this as routine patch-cycle maintenance. A separate set of UniFi OS vulnerabilities, disclosed and patched roughly six weeks before this bulletin, was added to the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalogue after confirmed active exploitation. Ubiquiti has not confirmed exploitation of any of the flaws in this new bulletin as of publication, and no public proof-of-concept has surfaced for CVE-2026-50746 specifically, but the pattern from the prior chain suggests the window between disclosure and active abuse for this product family has been measured in weeks rather than months.

No interim workarounds are available for any of the flaws in this bulletin. Administrators running UniFi Connect Application 3.4.16 or earlier, UniFi Talk 5.1.2 or earlier, UniFi Access 4.2.28 or earlier, UniFi OS Server 5.1.15 or earlier, or UniFi Protect 7.1.77 or earlier should treat today's updates as immediate, not scheduled maintenance. Security teams should also restrict management-plane access to trusted networks only, rather than relying on patching alone, and review logs for unusual host or management-interface activity in the meantime. Given how frequently vulnerable network management interfaces end up as the quiet entry point behind a much larger compromise, this is exactly the kind of exposure that continuous monitoring is designed to catch before a patch window closes rather than after.

Related Articles

Intelligence

OmniOps and Hamsa Partner to Bring Sovereign Arabic Voice AI to Saudi Enterprises

OmniOps and Hamsa have formed an exclusive partnership to deliver production ready Arabic voice AI to Saudi enterprises through locally hosted, sovereign infrastructure built for regulatory compliance.

Jul 15, 2026

Intelligence

Saudi Deeptech Startup Think Closes MENA's Largest AI Infrastructure Pre-Seed Round at $8 Million

Riyadh based deeptech company Think has closed an $8 million pre-seed round, the largest AI infrastructure and deeptech pre-seed raise in MENA to date, to scale a platform designed to cut AI compute costs by up to tenfold.

Jul 15, 2026

Intelligence

Former INTERPOL President Ahmed Naser Al-Raisi Joins Neurovia AI to Build Sovereign AI Infrastructure in the UAE

H.E. Ahmed Naser Al-Raisi, former President of INTERPOL, has been appointed Chairman of Neurovia AI, strengthening governance oversight as the company builds sovereign AI infrastructure across the UAE and wider GCC region.

Jul 14, 2026

Intelligence

Inception42 and NXT Holding Sign Strategic AI Partnership to Scale Sovereign Enterprise Solutions Across the UAE

Inception42 and NXT Holding have signed an agreement spanning five areas of AI collaboration, combining sovereign enterprise AI capabilities with an expanding portfolio of operating companies across the UAE and international markets.

Jul 13, 2026

Intelligence

Kuadra to Launch First Unified AI Platform for Egypt's Construction Sector

Kuadra is preparing to launch what it calls the construction industry's first unified AI platform to manage the full project lifecycle for Egyptian contractors, starting with automated tender analysis.

Jul 13, 2026