Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. UniFi Connect Critical RCE via Command Injection CVE-2026-50746
UniFi Connect Critical RCE via Command Injection CVE-2026-50746

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2026-50746

UniFi Connect Critical RCE via Command Injection CVE-2026-50746

A maximum-severity command injection vulnerability in Ubiquiti's UniFi Connect Application allows any network-accessible attacker to execute arbitrary OS...

Dylan H.

Security Team

July 3, 2026
4 min read

Affected Products

  • Ubiquiti UniFi Connect Application (all versions prior to patch)

Executive Summary

Ubiquiti has disclosed a critical command injection vulnerability in the UniFi Connect Application tracked as CVE-2026-50746 with a maximum CVSS score of 10.0. A malicious actor with access to the network can exploit an Improper Access Control weakness to inject and execute OS-level commands directly on the host device — no elevated privileges required beyond basic network reachability.

CVSS Score: 10.0 (Critical)


Vulnerability Overview

AttributeValue
CVE IDCVE-2026-50746
CVSS Score10.0 (Critical)
TypeCommand Injection via Improper Access Control
ProductUniFi Connect Application
VendorUbiquiti Networks
Attack VectorNetwork
AuthenticationNetwork access sufficient (no host auth required beyond network reach)
Privileges RequiredNone beyond network access
User InteractionNone
ImpactFull OS command execution on host device
Published2026-07-02

Technical Details

The vulnerability stems from Improper Access Control in the UniFi Connect Application's network-facing interface. An attacker positioned on the network can craft a malicious request that bypasses intended access controls and passes unsanitized input directly to OS-level command execution routines.

Attack Surface

UniFi Connect is a Ubiquiti platform used to manage physical access control systems — door readers, intercoms, and connected entry hardware. The application runs on UniFi OS-based devices and is accessible over the local network (and often the internet in misconfigured deployments).

Attack Flow

1. Attacker gains network access to the UniFi Connect host
2. Sends crafted request exploiting Improper Access Control flaw
3. Application passes attacker-controlled input to OS command handler
4. Arbitrary command executes on the underlying host system
5. Attacker achieves full control of the host device

Why CVSS 10.0

The maximum possible score reflects:

  • No authentication required beyond network reachability
  • No user interaction needed
  • Full confidentiality, integrity, and availability impact on the host
  • Trivially reachable attack surface (standard network protocol)

Affected Products and Remediation

ProductStatus
UniFi Connect ApplicationPatch available — update immediately

Ubiquiti has released a patched version addressing this vulnerability. Administrators should update through the UniFi OS System settings immediately.

Immediate Actions

  1. Update UniFi Connect Application to the latest patched version via UniFi OS
  2. Audit network exposure — restrict UniFi OS management interfaces from public internet access
  3. Enable UniFi Network Application firewall rules to limit management plane access to trusted hosts
  4. Review access logs on UniFi Connect hosts for anomalous command activity
  5. Segment IoT/access-control networks from corporate infrastructure

Risk Context

Physical Access Control Implications

UniFi Connect manages physical security infrastructure. A successful exploit does not merely compromise a software application — it can:

  • Disable or manipulate door locks and access readers
  • Grant unauthorized physical building access
  • Destroy audit trails for physical entry events
  • Pivot into broader corporate network from the access control segment

This cross-domain impact (cyber → physical) significantly elevates the real-world risk beyond what the CVSS score alone conveys.

Ubiquiti Deployment Scale

Ubiquiti's UniFi product line is extremely popular in SMB, enterprise, and campus environments. The broad deployment footprint means this vulnerability has a correspondingly large attack surface if mass-scanning or exploitation campaigns begin.


Detection

IndicatorDetection Method
Unexpected process spawning from UniFi Connect serviceHost process monitoring
Anomalous outbound connections from UniFi OS deviceNetwork egress monitoring
Modified configuration or credential filesFile integrity monitoring
Failed auth attempts followed by command executionLog analysis

References

  • NVD — CVE-2026-50746
  • Ubiquiti Security Advisory
  • CISA Known Exploited Vulnerabilities Catalog

Related Reading

  • UniFi Talk SQL Injection Privilege Escalation CVE-2026-50747
  • UniFi Access Command Injection CVE-2026-50748
  • UniFi Access Improper Access Control CVE-2026-54400
#Ubiquiti#UniFi#CVE-2026-50746#Command Injection#RCE#Critical#Network Security

Related Articles

UniFi Access Application Command Injection RCE CVE-2026-50748

An improper input validation flaw in Ubiquiti's UniFi Access Application enables low-privileged network attackers to inject OS commands and execute...

4 min read

CVE-2026-47370: UniFi OS Command Injection via Improper Input Validation

A critical CVSS 9.9 command injection vulnerability in Ubiquiti UniFi OS allows a low-privileged network attacker to execute arbitrary commands within...

5 min read

CVE-2026-34910 — UniFi OS Unauthenticated Command Injection

A CVSS 10.0 command injection vulnerability in UniFi OS allows any network-accessible attacker with no credentials to execute arbitrary OS commands,...

7 min read
Back to all Security Alerts