{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21639", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2026-01-01T15:00:02.339Z", "datePublished": "2026-01-08T16:14:22.626Z", "dateUpdated": "2026-01-08T17:21:53.724Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nairMAX AC (Version 8.7.20 and earlier)\r\nairMAX M (Version 6.3.22 and earlier)\r\nairFiber AF60-XG (Version 1.2.2 and earlier)\r\nairFiber AF60 (Version 2.6.7 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate your airMAX AC to Version 8.7.21 or later.\r\nUpdate your airMAX M to Version 6.3.24 or later.\r\nUpdate your airFiber AF60-XG to Version 1.2.3 or later.\r\nUpdate your airFiber AF60 to Version 2.6.8 or later."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "airMAX AC", "versions": [{"version": "0", "status": "affected", "lessThan": "8.7.21", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "airMAX M", "versions": [{"version": "0", "status": "affected", "lessThan": "6.3.24", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "airFiber AF60-XG", "versions": [{"version": "0", "status": "affected", "lessThan": "1.2.3", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "vendor": "Ubiquiti Inc", "product": "airFiber AF60", "versions": [{"version": "0", "status": "affected", "lessThan": "2.6.8", "versionType": "semver"}]}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-08T16:14:22.626Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-08T17:09:52.634464Z", "id": "CVE-2026-21639", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T17:21:53.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-21639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-08T17:09:52.634464Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-08T17:21:36.953Z"}}], "cna": {"affected": [{"vendor": "Ubiquiti Inc", "product": "airMAX AC", "versions": [{"status": "affected", "version": "0", "lessThan": "8.7.21", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "airMAX M", "versions": [{"status": "affected", "version": "0", "lessThan": "6.3.24", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "airFiber AF60-XG", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Ubiquiti Inc", "product": "airFiber AF60", "versions": [{"status": "affected", "version": "0", "lessThan": "2.6.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba"}], "descriptions": [{"lang": "en", "value": "A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nairMAX AC (Version 8.7.20 and earlier)\r\nairMAX M (Version 6.3.22 and earlier)\r\nairFiber AF60-XG (Version 1.2.2 and earlier)\r\nairFiber AF60 (Version 2.6.7 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate your airMAX AC to Version 8.7.21 or later.\r\nUpdate your airMAX M to Version 6.3.24 or later.\r\nUpdate your airFiber AF60-XG to Version 1.2.3 or later.\r\nUpdate your airFiber AF60 to Version 2.6.8 or later."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2026-01-08T16:14:22.626Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21639", "state": "PUBLISHED", "dateUpdated": "2026-01-08T17:21:53.724Z", "dateReserved": "2026-01-01T15:00:02.339Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2026-01-08T16:14:22.626Z", "assignerShortName": "hackerone"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airmax_ac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6CAE32F-15CF-472D-9CB2-2B863A9FF429", "versionEndExcluding": "8.7.21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7522076-32AA-4C46-A383-55496EB8E403", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airmax_m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "23228893-D868-4C84-82A8-3AAA30193F95", "versionEndExcluding": "6.3.24", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airmax_m:-:*:*:*:*:*:*:*", "matchCriteriaId": "22401E7D-9BB7-4015-A28B-1C134C429E56", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_af60-xg_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7197F20-55D0-4EF4-9C97-60A56E888427", "versionEndExcluding": "1.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_af60-xg:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE317510-2899-438A-9C95-83A6C7FA1B2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:airfiber_af60_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1C29843-49DD-4B68-89C6-14E3CFB70E62", "versionEndExcluding": "2.6.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:airfiber_af60:-:*:*:*:*:*:*:*", "matchCriteriaId": "30F52A22-F069-426B-8664-E94E41E3863E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product.\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nairMAX AC (Version 8.7.20 and earlier)\r\nairMAX M (Version 6.3.22 and earlier)\r\nairFiber AF60-XG (Version 1.2.2 and earlier)\r\nairFiber AF60 (Version 2.6.7 and earlier)\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate your airMAX AC to Version 8.7.21 or later.\r\nUpdate your airMAX M to Version 6.3.24 or later.\r\nUpdate your airFiber AF60-XG to Version 1.2.3 or later.\r\nUpdate your airFiber AF60 to Version 2.6.8 or later."}], "id": "CVE-2026-21639", "lastModified": "2026-01-14T21:06:35.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-08T17:15:50.483", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:37:25.930477+00:00", "value": {"mitigation_remediation": ["Update airMAX AC to firmware version 8.7.21 or later.", "Update airMAX M to firmware version 6.3.24 or later.", "Update airFiber AF60\u2011XG to firmware version 1.2.3 or later.", "Update airFiber AF60 to firmware version 2.6.8 or later."], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "Affected products include Ubiquiti airMAX AC, airMAX M, airFiber AF60\u2011XG, and airFiber AF60. Vulnerable firmware versions are airMAX AC 8.7.20 and earlier, airMAX M 6.3.22 and earlier, airFiber AF60\u2011XG 1.2.2 and earlier, and airFiber AF60 2.6.7 and earlier.", "description_and_impact": "The vulnerability allows a malicious actor within Wi\u2011Fi range of affected Ubiquiti devices to trigger remote code execution by sending specially crafted packets that exploit a flaw in the airMAX Wireless Protocol. The flaw can be abused to run arbitrary code on the device, potentially compromising confidentiality, integrity, and availability of the network. The issue is identified as CWE\u201177 due to improper handling of command injection.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a moderate severity; the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote over the air interface, requiring an adversary in physical wireless proximity to the device. No known public exploits have been reported, but the reachable nature of the flaw warrants precaution."}}}}, "created": "2026-01-09T13:24:54.948394+00:00", "title": "Remote Code Execution via airMAX Wireless Protocol in Ubiquiti AirMAX and AirFiber Devices", "updated": "2026-04-18T07:45:24.978258+00:00", "vendors": ["ubiquiti", "ubiquiti$PRODUCT$airfiber_af60", "ubiquiti$PRODUCT$airfiber_af60_xg", "ubiquiti$PRODUCT$airmax_ac", "ubiquiti$PRODUCT$airmax_m"]}