HarborGuard Database

CRITICAL | CVE-2026-50746 | CNA: hackerone

CVE-2026-50746: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device


Metrics

  • CVSS v3.1: 10.0
  • Severity: CRITICAL
  • Fixed in: 3.4.20
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An improper access control flaw in Ubiquiti's UniFi Connect Application allows an unauthenticated, network-reachable attacker to inject and execute arbitrary operating system commands on the host device. No credentials and no victim interaction are needed; the attacker only requires network access to the service. Successful exploitation gives the attacker full control over the host, including reading all data, modifying any files or configuration, and crashing or hijacking the process. A patched-image rebuild at version 3.4.20 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle the UniFi Connect Application. Any image running a version below 3.4.20 is flagged automatically.

Triage: Available

HarborGuard is capable of scoring this CVE at its full CVSS v3.1 critical severity of 10.0 and weighting the result against each environment's compliance policy to determine urgency. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Available

A patched-image rebuild at UniFi Connect Application version 3.4.20 becomes available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard can trigger a rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the UniFi Connect Application service over the network; no local or physical access is required.

  • Authentication: Not required

    No credentials of any kind are needed to trigger the command injection.

  • Victim interaction: Not required

    The attacker does not need to manipulate any user into taking an action; exploitation is fully self-initiated.

  • Attack complexity: Low (AC:L)

    The exploit is reliable and condition-free, requiring no race conditions, special memory layout, or environment-specific configuration.

Blast Radius

  • The attacker executes arbitrary OS commands on the host device with the privileges of the application process.
  • All data accessible to that process, including stored credentials, device configuration, and session tokens, is readable by the attacker.
  • The attacker can modify or delete any files, configuration, or persistent state the process can write to.
  • The host process and the services it manages can be crashed or taken over entirely, causing a full denial of service.

How HarborGuard Handles This

Available on HarborGuard: detection capability for CVE-2026-50746 is active the moment the advisory is ingested, matching any image that ships UniFi Connect Application below version 3.4.20. Because this is a CVSS 10.0 critical with no authentication barrier, it is surfaced at the highest urgency tier and routed immediately to the configured owner. For customers with auto-remediation enabled, HarborGuard can rebuild the image at version 3.4.20, run the regression suite, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled. For environments where compliance policy restricts auto-remediation, HarborGuard surfaces the finding with a direct link to the fix version and supports manual approval of the patched rebuild.


Fix available: 3.4.20

Affected packages
  • Ubiquiti Inc / UniFi Connect Application: < 3.4.20 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H