PatchSiren cyber security CVE debrief
CVE-2026-50747 Ubiquiti Inc CVE debrief
CVE-2026-50747 is a series of authenticated SQL Injection vulnerabilities in UniFi Talk Application that could allow a malicious actor with access to the network and low privileges to escalate privileges on the host device. The vulnerability has a CVSS score of 9.9 and is classified as CRITICAL. The affected product is UniFi Talk Application, and the vulnerability class is SQL Injection. The likely operational impact is privilege escalation.
- Vendor
- Ubiquiti Inc
- Product
- UniFi Talk Application
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-02
- Original CVE updated
- 2026-07-09
- Advisory published
- 2026-07-02
- Advisory updated
- 2026-07-09
Who should care
Administrators and users of UniFi Talk Application should be aware of this vulnerability and take necessary actions to mitigate it. The affected operators are those who manage UniFi Talk Application, and the platform is the host device. The vulnerability-management impact is high, and security teams should prioritize patching.
Technical summary
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device. The vulnerability has a CVSS score of 9.9 and is classified as CRITICAL. The affected product context is UniFi Talk Application, and the defensive impact is high.
Defensive priority
High
Recommended defensive actions
- Apply the latest patch
- Restrict network access
- Monitor for suspicious activity
- Review compensating controls for exposed systems
- Check relevant monitoring, detection, and logs for exposed assets
Evidence notes
The CVE record was published on 2026-07-02T15:17:02.877Z and was last modified on 2026-07-09T13:21:57.180Z. The NVD entry is currently Analyzed. The vulnerability affects UniFi Talk Application and has a CVSS score of 9.9. The evidence is based on the CVE record and NVD entry.
Official resources
-
CVE-2026-50747 CVE record
CVE.org
-
CVE-2026-50747 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-02T15:17:02.877Z and has not been modified since then.