CRITICAL: Ubiquiti Ships Emergency UniFi Fixes for CVSS 10.0 Unauthenticated Command Injection
Ubiquiti disclosed 25 vulnerabilities across the UniFi ecosystem on July 8, 2026, including seven critical flaws. The worst, CVE-2026-50746, is a CVSS 10.0 unauthenticated command injection in UniFi Connect that lets any network-adjacent attacker run commands as the host. With roughly 100,000 UniFi OS endpoints exposed to the internet, patching to the fixed releases is urgent.