Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
10.0

CVE-2026-50746: UniFi Connect Application Network Access Control Bypass

CVE-2026-50746 CVE-2026-50746
Summary

A vulnerability in UniFi Connect Application allows an attacker with network access to potentially take control of a device. This could happen if an attacker is able to execute malicious commands on the device. To protect against this, ensure that UniFi Connect Application is updated to the latest version and implement network access controls to limit unauthorized access.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versions
ubiquiti inc unifi connect application < 3.4.20
Original title
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
Original description
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
mitre CVSS3.1 10.0
Vulnerability type
CWE-284 Improper Access Control
Published: 2 Jul 2026 · Updated: 3 Jul 2026 · First seen: 2 Jul 2026