CVE-2026-21639

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-21639

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

A

malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier) airMAX M (Version 6.3.22 and earlier) airFiber AF60-XG (Version 1.2.2 and earlier) airFiber AF60 (Version 2.6.7 and earlier) Mitigation: Update your airMAX AC to Version 8.7.21 or later. Update your airMAX M to Version 6.3.24 or later. Update your airFiber AF60-XG to Version 1.2.3 or later. Update your airFiber AF60 to Version 2.6.8 or later.

References
Link Resource
https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ui:airmax_m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ui:airfiber_af60-xg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:airfiber_af60-xg:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ui:airfiber_af60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:airfiber_af60:-:*:*:*:*:*:*:*
History

14 Jan 2026, 21:06

Type Values Removed Values Added
First Time Ui
Ui airfiber Af60-xg Firmware
Ui airmax M
Ui airfiber Af60 Firmware
Ui airmax Ac
Ui airfiber Af60-xg
Ui airmax Ac Firmware
Ui airmax M Firmware
Ui airfiber Af60
References () https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba - () https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba - Vendor Advisory
CPE cpe:2.3:o:ui:airfiber_af60-xg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*
cpe:2.3:o:ui:airmax_m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:ui:airfiber_af60_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ui:airfiber_af60-xg:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:airfiber_af60:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*

08 Jan 2026, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4
CWE CWE-77

08 Jan 2026, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-08 17:15

Updated : 2026-01-14 21:06

NVD link : CVE-2026-21639

Mitre link : CVE-2026-21639

CVE.ORG link : CVE-2026-21639

JSON object : View

Products Affected

ui

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')