Ubiquiti patches maximum-severity UniFi flaw — update now
Ubiquiti has released security updates for seven critical vulnerabilities across its UniFi product line, including a maximum-severity command injection flaw scored CVSS 10.0. If your business runs UniFi networking gear — and a huge number of Australian SMBs do — you need to update immediately.
The worst of the bunch is CVE-2026-50746, an improper access control flaw in UniFi Connect Application (version 3.4.16 and earlier). Anyone on the same network can exploit it to run arbitrary commands on the host device — no login required, no user interaction needed. That’s about as bad as it gets.
Six more critical flaws hit UniFi Talk, UniFi Access, UniFi Protect, UniFi OS Server, and a range of Ubiquiti routers and gateways. All six can be exploited in low-complexity attacks without user interaction. Ubiquiti hasn’t confirmed whether any are being exploited in the wild yet, but given that CISA flagged active exploitation of previous UniFi flaws just last month, waiting is not a strategy.
Here’s what matters for Australian businesses: UniFi is the de facto standard for guest WiFi in hospitality venues, small office networks, and retail environments across the country. We see it in cafés on the Northern Beaches, accounting firms in Orange, and medical practices in Brisbane. It’s good kit — but only if it’s patched. The pattern we’re seeing across our client base is that UniFi controllers and applications get set up once and then forgotten, which is exactly how these flaws get exploited.
What to do right now: Update UniFi Connect Application to version 3.4.20 or later. Check all other UniFi applications and firmware against Ubiquiti’s Security Advisory Bulletin 066. If you’re not sure what version you’re running, that’s a problem in itself — talk to whoever manages your network.
If you’d like a hand checking your UniFi environment, our managed IT team can run through it with you.
Related Guide
Cybersecurity for Sydney SMBs
Explore our complete guide to protecting your business from cyber threats.
