Cyber Resilience

CVE-2026-21638

High

Published: 08 January 2026

Published
08 January 2026
Modified
14 January 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0038 30.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-21638 is a high-severity Command Injection (CWE-77) vulnerability in Ui Ubb-Xg Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 30.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21638 is a remote code execution (RCE) vulnerability in the airMAX Wireless Protocol, affecting Ubiquiti networking products including UBB-XG (version 1.2.2 and earlier), UDB-Pro/UDB-Pro-Sector (version 1.4.1 and earlier), and UBB (version 3.1.5 and earlier). Published on January 8, 2026, it carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H) and is associated with CWE-77 (Command Injection).

A malicious actor within Wi-Fi range of an affected device can exploit the vulnerability over the adjacent network with low complexity, no privileges, and no user interaction required. Successful exploitation enables arbitrary code execution on the device, granting high impacts to confidentiality, integrity, and availability.

Ubiquiti's security advisory recommends mitigation by updating affected products to patched versions: UBB-XG to 1.2.3 or later, UDB-Pro/UDB-Pro-Sector to 1.4.2 or later, and UBB to 3.1.7 or later. Additional details are available at https://community.ui.com/releases/Security-Advisory-Bulletin-060-060/cde18da7-2bc4-41bb-a9cc-48a4a4c479c1.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1…

more

and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The vulnerability is a command injection leading to remote code execution in the airMAX Wireless Protocol service on Ubiquiti networking devices, exploitable over the adjacent network without privileges, directly enabling Exploitation of Remote Services (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21633Same vendor: Ui
CVE-2025-59470Shared CWE-77
CVE-2025-40937Shared CWE-77
CVE-2024-52325Shared CWE-77
CVE-2025-46427Shared CWE-77
CVE-2025-46122Shared CWE-77
CVE-2025-59467Same vendor: Ui
CVE-2026-20147Shared CWE-77
CVE-2025-52665Same vendor: Ui
CVE-2026-34911Same vendor: Ui

Affected Assets

ui
ubb-xg firmware
≤ 1.2.3
ui
udb-pro firmware
≤ 1.4.2
ui
udb-pro-sector firmware
≤ 1.4.2
ui
ubb firmware
≤ 3.1.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of software flaws like this RCE vulnerability in the airMAX Wireless Protocol via firmware updates to patched versions.

prevent

Directly mitigates the underlying command injection (CWE-77) by validating and restricting inputs to the airMAX Wireless Protocol to prevent arbitrary code execution.

prevent

Establishes controls and restrictions on wireless access to the affected Ubiquiti products, limiting exposure to attackers in Wi-Fi range.

References