CVE-2026-1433
Received Received - Intake

Information Disclosure in uniFLOW Universal Login Manager

Vulnerability report for CVE-2026-1433, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: Canon_EMEA

Description

uniFLOW Universal Login Manager (ULM) Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may disclose configuration data associated with SMTP or LDAP integrations. ULM deployments connected to uniFLOW Server or uniFLOW Online are not affected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
canon uniflow_universal_login_manager to 5.11 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-1433 is an information disclosure vulnerability in the uniFLOW Universal Login Manager (ULM) Standalone software. It allows an authenticated administrator with management rights to access sensitive configuration information through the ULM Remote User Interface (RUI). This vulnerability specifically affects ULM running in standalone mode when it is configured to connect to an LDAP server. It does not affect ULM deployments connected to uniFLOW Server or uniFLOW Online.

Exploitation requires administrative privileges, limiting the exposure to users who already have high-level access. The disclosed information may include configuration data related to SMTP or LDAP integrations.

Impact Analysis

This vulnerability can lead to the exposure of sensitive configuration information if an attacker has administrative access to the ULM Standalone system. Such information could include details about SMTP or LDAP integrations, which might be leveraged for further attacks or unauthorized access.

However, since exploitation requires administrative privileges, the risk is limited to users who already have significant access rights. Additionally, the vulnerability only affects ULM in standalone mode with LDAP configuration, which is not a common setup.

Users are advised to update to ULM version 5.11 or later to fix this issue or consider disconnecting ULM from the LDAP server as a mitigation, though this may affect usability.

Detection Guidance

This vulnerability affects uniFLOW Universal Login Manager (ULM) Standalone installations that are configured with LDAP integration and running version 5.10 or earlier.

Detection involves verifying if your ULM deployment is running in standalone mode, checking the version of ULM, and confirming if it is bound to an LDAP server.

Since exploitation requires administrative access to the ULM Remote User Interface, commands or network scans alone may not directly detect the vulnerability.

Suggested steps include:

  • Log into the ULM admin interface and check the version number to see if it is 5.10 or earlier.
  • Check the ULM configuration to determine if it is operating in standalone mode and if it is connected to an LDAP server.
  • Review access logs for any unusual administrative access attempts to the ULM Remote User Interface.
Mitigation Strategies

Immediate mitigation steps include updating the ULM software to version 5.11 or later, where the vulnerability is fixed.

If updating is not immediately possible, disconnecting the ULM from the LDAP server can mitigate the risk, although this may impact usability.

It is recommended to discuss the impact of disconnecting LDAP with a Canon representative or Canon Business Partner before proceeding.

Additionally, ensure that only trusted administrators have access to the ULM Remote User Interface to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart