CRITICAL | CVE-2026-50748 | Published | Modified | CNA: hackerone

CVE-2026-50748: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device

Metrics

CVSS v3.1: 9.9
Severity: CRITICAL
Fixed in: 4.2.29
Affected Products: 1

HarborGuard Analysis

Synopsis

Command injection via improper input validation in the UniFi Access Application (Ubiquiti) allows a network-accessible attacker holding any low-privilege account to inject arbitrary operating system commands on the host device. The vulnerability is reachable over the network with no elevated permissions required and no victim interaction needed, and exploitation gives the attacker full control over confidentiality, integrity, and availability of the host. A patched-image rebuild at version 4.2.29 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-50748 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images derived from UniFi Access Application base layers. Any image running a version of UniFi Access Application below 4.2.29 will be flagged automatically.

Triage: Available

HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.9 (Critical) and applies per-environment compliance policy weighting to determine priority and routing. Triage findings are delivered to the appropriate team inbox within each customer organization based on configured policy and ownership rules.

Patch: Available

A patched-image rebuild at UniFi Access Application version 4.2.29 becomes available through HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the UniFi Access Application service over the network; there is no requirement for local or physical access.

  • Authentication: Required

    Any low-privilege account is sufficient; the attacker does not need administrative or elevated credentials.

  • Victim interaction: Not required

    No user interaction is needed; the attacker exploits the service directly without relying on a victim taking any action.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or memory layout knowledge.

Blast Radius

  • Reads all data accessible to the host process, including credentials, access control records, and configuration secrets.
  • Modifies or deletes files and persisted data on the host device, including application configuration and access logs.
  • Executes arbitrary OS commands on the host, enabling installation of backdoors, lateral movement tools, or ransomware.
  • Crashes or permanently disrupts the UniFi Access Application service, preventing physical access control operations from functioning.

How HarborGuard Handles This

Available on HarborGuard: detection of this Critical-severity command injection is active for all environments scanning images that include UniFi Access Application below version 4.2.29. For customers who opt into auto-remediation, HarborGuard can rebuild the image at the fixed version (4.2.29), run regression tests, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who manage remediation manually will find the affected images listed in their HarborGuard dashboard with full CVSS context and fix-version detail. Where compliance policy restricts automated changes, HarborGuard can apply network-policy isolation recommendations to limit inbound access to the UniFi Access Application port as a compensating control while the upgrade is staged.

Fix available: 4.2.29
Affected packages
  • Ubiquiti Inc / UniFi Access Application: < 4.2.29 (from 0)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H