Description
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.


Affected Products:
UBB-XG (Version 1.2.2 and earlier)
UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier)
UBB (Version 3.1.5 and earlier)

Mitigation:
Update your UBB-XG to Version 1.2.3 or later.
Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later.
Update your UBB to Version 3.1.7 or later.
Published: 2026-01-08
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Attacks from within Wi‑Fi coverage can exploit a flaw in the airMAX Wireless Protocol, allowing a malicious actor to inject commands that are executed with device privileges. The weakness, a path‑to‑command injection (CWE‑77), opens the possibility for full control over the device, enabling data exfiltration, network disruption, or use as a pivot for further attacks.

Affected Systems

Ubiquiti Inc’s UBB‑XG, UBB, and UDB‑Pro/UDB‑Pro‑Sector devices are affected. Firmware versions up to UBB‑XG 1.2.2, UDB‑Pro/UDB‑Pro‑Sector 1.4.1, and UBB 3.1.5 are vulnerable. Applying any later firmware (UBB‑XG 1.2.3+, UDB‑Pro/UDB‑Pro‑Sector 1.4.2+, UBB 3.1.7+) removes the flaw.

Risk and Exploitability

The vulnerability scores a CVSS of 8.8, indicating high severity, while the EPSS score of less than 1% suggests low current exploitation likelihood. Because the flaw is triggered by malicious traffic over the airMAX protocol, an attacker must be within wireless range and able to craft protocol packets. The risk is mitigated if the device is isolated from the external network or configured to minimize exposure.

Generated by OpenCVE AI on April 18, 2026 at 07:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UBB‑XG firmware to version 1.2.3 or later.
  • Upgrade UDB‑Pro/UDB‑Pro‑Sector firmware to version 1.4.2 or later.
  • Upgrade UBB firmware to version 3.1.7 or later.
  • Place the devices behind a firewall that restricts outbound access and blocks unsolicited traffic.
  • Segment the Wi‑Fi network and restrict which clients can communicate with the devices, using VLANs or MAC filtering.

Generated by OpenCVE AI on April 18, 2026 at 07:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via AirMAX Protocol in Ubiquiti Devices

Wed, 14 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Ui
Ui ubb
Ui ubb-xg
Ui ubb-xg Firmware
Ui ubb Firmware
Ui udb-pro
Ui udb-pro-sector
Ui udb-pro-sector Firmware
Ui udb-pro Firmware
CPEs cpe:2.3:h:ui:ubb-xg:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:ubb:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:udb-pro-sector:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:udb-pro:-:*:*:*:*:*:*:*
cpe:2.3:o:ui:ubb-xg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:ubb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:udb-pro-sector_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:udb-pro_firmware:*:*:*:*:*:*:*:*
Vendors & Products Ui
Ui ubb
Ui ubb-xg
Ui ubb-xg Firmware
Ui ubb Firmware
Ui udb-pro
Ui udb-pro-sector
Ui udb-pro-sector Firmware
Ui udb-pro Firmware

Fri, 09 Jan 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti ubb
Ubiquiti ubb-xg
Ubiquiti udb-pro
Ubiquiti udb-pro-sector
Vendors & Products Ubiquiti
Ubiquiti ubb
Ubiquiti ubb-xg
Ubiquiti udb-pro
Ubiquiti udb-pro-sector

Thu, 08 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 08 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77

Thu, 08 Jan 2026 16:30:00 +0000

Type Values Removed Values Added
Description A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ubiquiti Ubb Ubb-xg Udb-pro Udb-pro-sector
Ui Ubb Ubb-xg Ubb-xg Firmware Ubb Firmware Udb-pro Udb-pro-sector Udb-pro-sector Firmware Udb-pro Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-02-26T15:04:54.587Z

Reserved: 2026-01-01T15:00:02.339Z

Link: CVE-2026-21638

cve-icon Vulnrichment

Updated: 2026-01-08T16:48:20.274Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-08T17:15:50.357

Modified: 2026-01-14T21:06:07.787

Link: CVE-2026-21638

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T07:45:24Z

Weaknesses