CVE-2026-1433
Last modified
CVE-2026-1433 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or uniFLOW Online are not affected.
Metrics
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| NT-ware | uniFLOW ULM (Universal Login Manager) Standalone | <= 5.10 |
References
Timeline
- Published
- Last Modified
- Status
- Awaiting Analysis
Frequently Asked Questions
What is CVE-2026-1433?
How severe is CVE-2026-1433?
How do I fix CVE-2026-1433?
Related CVEs from 2026
- CVE-2026-1429Single Sign-On Portal System developed by WellChoose has a R…5.4
- CVE-2026-1430The WP Lightbox 2 WordPress plugin before 3.0.7 does not san…4.8
- CVE-2026-1431The Booking Calendar plugin for WordPress is vulnerable to u…5.3
- CVE-2026-1432SQL injection vulnerability in the Buroweb platform version …9.3
- CVE-2026-14324RAOP module accepts unbounded Content-Length values and does…6.5
- CVE-2026-14327The AR for WordPress plugin for WordPress is vulnerable to D…7.5
- CVE-2026-14330Multiple unbounded alloca() calls in the PulseAudio protocol…5.5
- CVE-2026-14336PIA's OIDC issuer allowlist for Jenkins tokens uses a bare s…8.2
- CVE-2026-1434Omega-PSIR is vulnerable to Reflected XSS via the lang param…6.1
- CVE-2026-14340An incorrect authorization vulnerability was identified in G…5
- CVE-2026-14342The Mail Mint – Email Marketing, Newsletter, Email Automatio…4.9
- CVE-2026-14343The Download Manager plugin for WordPress is vulnerable to S…6.4
Are you affected by CVE-2026-1433?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
