SQL Injection Vulnerability in UniFi Talk Application by Ubiquiti Networks
CVE-2026-50747

9.9CRITICAL

Key Information:

Vendor
CVE Published:
2 July 2026

What is CVE-2026-50747?

A series of authenticated SQL Injection vulnerabilities in the UniFi Talk Application allow unauthorized users with limited network access to perform malicious actions. By exploiting these vulnerabilities, an attacker could escalate privileges on the host device, potentially compromising sensitive information and overall network integrity. It is crucial for users to apply the latest security updates to mitigate these risks.

Affected Version(s)

UniFi Talk Application 0 < 5.2.2

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.