CVE Catalog

CVE-2026-50747

Critical · CVSS 9.9

Summary

A series of authenticated SQL Injection vulnerabilities in UniFi Talk Application allows a network-accessible attacker with low privileges to escalate privileges on the host device.

Risk Assessment

An attacker could gain full control over the device, compromising confidentiality, integrity, and availability of data, potentially leading to a full network takeover.

Recommendation

Immediately update UniFi Talk Application to the latest patched version and restrict network access to the application to trusted hosts only.

Original NVD description (English source)

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS