CVE-2026-50748: A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device
Metrics
- CVSS v3.1: 9.9
- Severity: CRITICAL
- Fixed in: 4.2.29
- Affected Products: 1
HarborGuard Analysis
Synopsis
Command injection via improper input validation in the UniFi Access Application (Ubiquiti) allows a network-accessible attacker holding any low-privilege account to inject arbitrary operating system commands on the host device. The vulnerability is reachable over the network with no elevated permissions required and no victim interaction needed, and exploitation gives the attacker full control over confidentiality, integrity, and availability of the host. A patched-image rebuild at version 4.2.29 is available on HarborGuard for environments running an affected version.
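The class of defect described above, illustrated as an added example that is not code from UniFi Access Application, Ubiquiti or HarborGuard (nothing is publicly documented here about where the real injection point lies). The service, the hypothetical `resolve-host` command and the sample inputs are constructed: a low-privilege user supplies a host name, and the code contrasts the vulnerable pattern (input interpolated into a shell string) with the hardened one (strict allowlist validation, then an argv list with no shell).

```python
import re
import shlex
import subprocess

# Constructed allowlist: RFC-1123-style host name characters only, must start
# alphanumeric so the value can never be mistaken for a command-line option.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def shell_string_unsafe(host: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into a shell command.

    Deliberately NOT executed; returned so the reader can see that shell
    metacharacters in `host` survive untouched and would be interpreted by
    the shell. `resolve-host` is a hypothetical command name.
    """
    return f"resolve-host {host}"


def shell_string_quoted(host: str) -> str:
    """Partial mitigation when a shell string is unavoidable: quote the input.

    shlex.quote wraps the value so the shell treats it as one literal word.
    Still weaker than avoiding the shell, because the callee may re-parse it.
    """
    return "resolve-host " + shlex.quote(host)


def validate_hostname(host: str) -> bool:
    """Allowlist validation: reject anything that is not a plain host name.

    Whitespace, ';', '|', '&', '$', backticks, quotes and a leading '-' all
    fail the pattern, so they never reach a command at all.
    """
    return HOSTNAME_RE.fullmatch(host) is not None


def run_safe(host: str) -> str:
    """Hardened pattern: validate first, then invoke without a shell.

    The argv list passes `host` as exactly one argument; no shell parses it.
    `echo` stands in for the real tool so the example runs offline.
    """
    if not validate_hostname(host):
        raise ValueError(f"rejected host name: {host!r}")
    argv = ["echo", "resolving", host]
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    good = "door-controller-01.example.com"
    bad = "door01; id"  # constructed input carrying a shell metacharacter
    print("unsafe string :", shell_string_unsafe(bad))
    print("quoted string :", shell_string_quoted(bad))
    print("validated good:", validate_hostname(good))
    print("validated bad :", validate_hostname(bad))
    print("safe run      :", run_safe(good))
    try:
        run_safe(bad)
    except ValueError as exc:
        print("safe run rejects:", exc)
```

The two controls are independent: the allowlist blocks the input at the trust boundary, and the argv list means that even an input that slipped past validation is never parsed by a shell. Reviewing a code base for `shell=True`, `os.system`, `popen` and string-built command lines is the fastest way to find the vulnerable pattern.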
HarborGuard Coverage
Detection of CVE-2026-50748 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images derived from UniFi Access Application base layers. Any image running a version of UniFi Access Application below 4.2.29 will be flagged automatically.
HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.9 (Critical) and applies per-environment compliance policy weighting to determine priority and routing. Triage findings are delivered to the appropriate team inbox within each customer organization based on configured policy and ownership rules.
A patched-image rebuild at UniFi Access Application version 4.2.29 becomes available through HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the UniFi Access Application service over the network; there is no requirement for local or physical access.
- Authentication: Required
Any low-privilege account is sufficient; the attacker does not need administrative or elevated credentials.
- Victim interaction: Not required
No user interaction is needed; the attacker exploits the service directly without relying on a victim taking any action.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race timing, or memory layout knowledge.
Blast Radius
- Reads all data accessible to the host process, including credentials, access control records, and configuration secrets.
- Modifies or deletes files and persisted data on the host device, including application configuration and access logs.
- Executes arbitrary OS commands on the host, enabling installation of backdoors, lateral movement tools, or ransomware.
- Crashes or permanently disrupts the UniFi Access Application service, preventing physical access control operations from functioning.
How HarborGuard Handles This
Available on HarborGuard: detection of this Critical-severity command injection is active for all environments scanning images that include UniFi Access Application below version 4.2.29. For customers who opt into auto-remediation, HarborGuard can rebuild the image at the fixed version (4.2.29), run regression tests, and open a pull request against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Customers who manage remediation manually will find the affected images listed in their HarborGuard dashboard with full CVSS context and fix-version detail. Where compliance policy restricts automated changes, HarborGuard can apply network-policy isolation recommendations to limit inbound access to the UniFi Access Application port as a compensating control while the upgrade is staged.
Fix available
- Ubiquiti Inc / UniFi Access Application: < 4.2.29 (from 0)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H