Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has patched a critical CVSS 10.0 vulnerability in UniFi OS capable of allowing unauthenticated takeovers.
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
Ubiquiti has disclosed 25 security vulnerabilities across its UniFi ecosystem. This includes a maximum severity flaw in UniFi OS and patches for UniFi Connect, Talk, Access, and Protect. One specific vulnerability, CVE-2026-50746, has been addressed in UniFi Connect.
Coverage from BleepingComputer, The Hacker News, and CyberSecurityNews emphasizes the breadth of the vulnerabilities across the ecosystem. Tech Times reports that the CVSS 10.0 flaw exposes 100,000 endpoints to unauthenticated takeover. Users are encouraged to apply the patches released for UniFi OS and associated services.
SOCRadar® Cyber Intelligence Inc. confirms the fix for CVE-2026-50746.
Synthesized by Archynetys from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated 1h ago.
Quick answers
What is the severity of the UniFi OS vulnerability?
The vulnerability is described as max severity with a CVSS score of 10.0.
How many endpoints are reportedly exposed?
According to Tech Times, 100,000 endpoints are exposed to unauthenticated takeover.
Which UniFi services were affected by these flaws?
The vulnerabilities spanned the UniFi ecosystem, specifically impacting UniFi OS, Connect, Talk, Access, and Protect.
Coverage (5)
- Ubiquiti Fixes CVE-2026-50746 in UniFi Connect SOCRadar® Cyber Intelligence Inc. · 18h ago
- UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover Tech Times · 18h ago
- Ubiquiti Disclosed 25 Security Vulnerabilities Across the UniFi Ecosystem CyberSecurityNews · 18h ago
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS The Hacker News · 18h ago
- Ubiquiti warns of new max severity UniFi OS vulnerability BleepingComputer · 18h ago
Topics
Related trends
China issues 'backdoor' security alert over Anthropic's Claude Code
China has issued a security alert claiming to have found 'backdoor' vulnerabilities in Anthropic's Claude Code AI tool.
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors are actively exploiting a critical Gitea Docker authentication bypass vulnerability (CVE-2026-20896) following its disclosure.
Flipper Zero firmware development continues with community help
Flipper Zero is restructuring its firmware development process through new community contribution rules and a strategic roadmap.
JadePuffer ransomware used AI agent to automate entire attack
The emergence of JadePuffer marks the first known 'agentic ransomware' capable of executing a full cyber attack without human oversight.
Alibaba reportedly bans employees from using Claude Code
Alibaba is reportedly banning employees from using Claude Code following concerns over spyware and Anthropic's efforts to restrict Chinese access.
Malware found spreading through sponsored ad on X
Malware spreading through sponsored ads on X has security experts on alert.