Ubiquiti patches max-severity UniFi OS flaws
π Ubiquiti released updates addressing seven critical UniFi OS vulnerabilities, including a maximum-severity command injection flaw (CVE-2026-50746) in the UniFi Connect Application. The flaw affects versions 3.4.16 and earlier and could allow a network-based attacker to execute commands on the host. Users are advised to upgrade UniFi Connect to version 3.4.20 or later. Six additional critical issues across UniFi Talk, Access, Protect, UniFi OS Server, and multiple devices were also patched.
