Remote Code Execution Vulnerability in airMAX Products by Ubiquiti
CVE-2026-21639

5.4MEDIUM

Key Information:

Vendor: Ubiquiti Inc
Status: Airmax Ac; Airmax M; Airfiber Af60-xg; Airfiber Af60
Vendor: CVE Published:; 8 January 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2026-21639?

A vulnerability exists in Ubiquiti's airMAX Wireless Protocol, which can be exploited by a malicious actor within Wi-Fi range to achieve remote code execution on affected devices. This poses a significant risk as attackers could gain unauthorized access to network resources and potentially execute harmful payloads. Users of affected airMAX products should prioritize updating their devices to the latest versions to safeguard against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

airFiber AF60 0 < 2.6.8

airFiber AF60-XG 0 < 1.2.3

airMAX AC 0 < 8.7.21

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2026
Vulnerability Reserved
Jan 1, 2026

JSON

Ubiquiti Inc