CVE-2026-1433
Severity CVSS v4.0:
MEDIUM
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
06/07/2026
Last modified:
06/07/2026
Description
uniFLOW Universal Login Manager (ULM) Standalone<br />
contains an information disclosure vulnerability that may allow an<br />
authenticated administrator to access sensitive configuration information<br />
through the ULM Remote User Interface (RUI). Exploitation requires<br />
administrative privileges and may disclose configuration data associated with<br />
SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or<br />
uniFLOW Online are not affected.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM



