CVE Record
[ CRITICAL ] CVE-2026-50746
Ubiquiti UniFi Connect command injection (Bulletin 066)
Improper access control in Ubiquiti UniFi Connect ≤3.4.16 lets an attacker with network access execute command injection on the host device. CVSS 10.0. Fixed in 3.4.20.
- Vendor
- Ubiquiti
- Product
- UniFi Connect (3.4.16 and earlier)
- CVSS
- 10.0
- EPSS (exploit probability)
- N/A
- Status
- patched
- Published
CVE-2026-50746 is the max-severity item in Ubiquiti’s Security Advisory Bulletin 066: an improper access control in UniFi Connect that permits command injection on the host device by an actor with network access to the appliance. NVD rates it CVSS 10.0 critical.
Affected
- Ubiquiti UniFi Connect — versions 3.4.16 and earlier.
Patched
- UniFi Connect 3.4.20 or later.
Exploitation status
- No confirmed in-the-wild exploitation as of publication; Ubiquiti “has yet to disclose whether any of these vulnerabilities were exploited in the wild,” per BleepingComputer.
- No public proof-of-concept posted.
- Not on CISA KEV at time of publication.
Companion CVEs in Bulletin 066
The same bulletin covers six additional critical vulnerabilities across UniFi OS, UniFi Access, and adjacent applications:
- CVE-2026-50747 — CVSS 9.9.
- CVE-2026-50748 — CVSS 9.9.
- CVE-2026-54400 — CVSS 9.1 (UniFi Access, privilege escalation requiring high existing privileges).
- CVE-2026-54402 — CVSS 9.9.
- CVE-2026-55115 — CVSS 9.9.
- CVE-2026-55116 — CVSS 9.0 (UniFi OS, unauthorized changes gated by certain network configurations).
Sourcing
- NVD: CVE-2026-50746
- Vendor advisory: Ubiquiti Security Advisory Bulletin 066
- BleepingComputer: Ubiquiti warns of new max severity UniFi OS vulnerability