CVE-2026-21638

Published: Jan 8, 2026

Modified: Feb 26, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later.

Vendor	Product	Versions
Ubiquiti Inc	UBB-XG	affected `0 - < 1.2.3`
Ubiquiti Inc	UDB-Pro/UDB-Pro-Sector	affected `0 - < 1.4.2`
Ubiquiti Inc	UBB	affected `0 - < 3.1.7`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://community.ui.com/releases/Security-Advisory-Bulletin-060-060/cde18da7-2bc4-41bb-a9cc-48a4a4c479c1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now