Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti warns of max severity UniFi OS vulnerability
Velocity timeline
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
Ubiquiti has disclosed a new vulnerability in its UniFi OS. Coverage from multiple outlets emphasizes the severity of the vulnerability, with a CVSS score of 10.0.
According to Tech Times, this flaw exposes 100,000 endpoints to unauthenticated takeover. Outlets such as BleepingComputer, The Hacker News, CyberSecurityNews, and SOCRadar are covering the story.
The company has patched the vulnerability, identified as CVE-2026-50746, across various UniFi products, including Connect, Talk, Access, Protect, and OS.
Synthesized by Newsylist from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.
Quick answers
What is the severity of the UniFi OS vulnerability?
The vulnerability has a CVSS score of 10.0, indicating maximum severity.
How many endpoints are exposed to the vulnerability?
According to Tech Times, 100,000 endpoints are exposed.
Has Ubiquiti patched the vulnerability?
Yes, Ubiquiti has patched the vulnerability, identified as CVE-2026-50746.
Coverage (5)
- Ubiquiti Fixes CVE-2026-50746 in UniFi Connect SOCRadar® Cyber Intelligence Inc. · 15h ago
- UniFi CVSS 10.0 Flaw Exposes 100,000 Endpoints to Unauthenticated Takeover Tech Times · 15h ago
- Ubiquiti Disclosed 25 Security Vulnerabilities Across the UniFi Ecosystem CyberSecurityNews · 15h ago
- Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS The Hacker News · 15h ago
- Ubiquiti warns of new max severity UniFi OS vulnerability BleepingComputer · 15h ago broke it first
People, places & organizations
Topics
Related trends
China issues 'backdoor' security alert over Anthropic's Claude Code
China has issued a formal security alert regarding potential vulnerabilities discovered within Anthropic's Claude Code AI tool.
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors are actively exploiting a critical authentication bypass vulnerability in Gitea Docker, identified as CVE-2026-20896.
Flipper Zero firmware development continues with community help
Flipper Zero is introducing a new community roadmap and contribution rules to sustain the development of its device firmware.
The covert U.S.-China battle to make chatbots leak their secrets
U.S. and Chinese entities are engaged in a covert struggle to compel AI chatbots to leak proprietary secrets.
JadePuffer ransomware used AI agent to automate entire attack
The emergence of JadePuffer marks the first known instance of 'agentic ransomware' using an AI agent to automate a full cyber attack.
Alibaba to ban employees from using Anthropic's coding tool, source says
Alibaba is banning employees from using Anthropic's Claude Code following the discovery of code intended to track Chinese users.