Tech Translated

IT Security & Technology Blog

Practical IT insights for Australian businesses. Our team covers cybersecurity advisories, compliance updates, and plain-English explainers on the technology your business relies on, published regularly as the landscape shifts.

Security alert graphic with red warning elements on dark navy background for Ubiquiti UniFi vulnerability advisory

Ubiquiti patches maximum-severity UniFi flaw — update now

Ubiquiti has released security updates for seven critical vulnerabilities across its UniFi product line, including a maximum-severity command injection flaw scored CVSS 10.0. If your business runs UniFi networking gear — and a huge number of Australian SMBs do — you need to update immediately.

The worst of the bunch is CVE-2026-50746, an improper access control flaw in UniFi Connect Application (version 3.4.16 and earlier). Anyone on the same network can exploit it to run arbitrary commands on the host device — no login required, no user interaction needed. That’s about as bad as it gets.

Six more critical flaws hit UniFi Talk, UniFi Access, UniFi Protect, UniFi OS Server, and a range of Ubiquiti routers and gateways. All six can be exploited in low-complexity attacks without user interaction. Ubiquiti hasn’t confirmed whether any are being exploited in the wild yet, but given that CISA flagged active exploitation of previous UniFi flaws just last month, waiting is not a strategy.

Here’s what matters for Australian businesses: UniFi is the de facto standard for guest WiFi in hospitality venues, small office networks, and retail environments across the country. We see it in cafés on the Northern Beaches, accounting firms in Orange, and medical practices in Brisbane. It’s good kit — but only if it’s patched. The pattern we’re seeing across our client base is that UniFi controllers and applications get set up once and then forgotten, which is exactly how these flaws get exploited.

What to do right now: Update UniFi Connect Application to version 3.4.20 or later. Check all other UniFi applications and firmware against Ubiquiti’s Security Advisory Bulletin 066. If you’re not sure what version you’re running, that’s a problem in itself — talk to whoever manages your network.

If you’d like a hand checking your UniFi environment, our managed IT team can run through it with you.

Related Guide

Cybersecurity for Sydney SMBs

Explore our complete guide to protecting your business from cyber threats.

Read the Full Guide →