CVE-2026-1433

Severity CVSS v4.0:
MEDIUM
Type:
CWE-522 Insufficiently Protected Credentials
Publication date:
06/07/2026
Last modified:
06/07/2026

Description

uniFLOW Universal Login Manager (ULM) Standalone<br /> contains an information disclosure vulnerability that may allow an<br /> authenticated administrator to access sensitive configuration information<br /> through the ULM Remote User Interface (RUI). Exploitation requires<br /> administrative privileges and may disclose configuration data associated with<br /> SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or<br /> uniFLOW Online are not affected.