Information Disclosure Vulnerability in uniFLOW Universal Login Manager by Canon
CVE-2026-1433
4.8MEDIUM
Key Information:
- Vendor
Nt-ware
- Vendor
- CVE Published:
- 6 July 2026
What is CVE-2026-1433?
The uniFLOW Universal Login Manager (ULM) Standalone has a vulnerability allowing authenticated administrators to access sensitive configuration information via the Remote User Interface (RUI). This issue may lead to the exposure of critical SMTP or LDAP integration settings. It's important to note that deployments connected to uniFLOW Server or uniFLOW Online remain unaffected by this vulnerability. Proper precautions should be taken to mitigate any risks associated with unauthorized access to sensitive data.
Affected Version(s)
uniFLOW ULM (Universal Login Manager) Standalone Web Application 0 <= 5.10
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sam Shepherd working with BAE Systems
