CPE2026-054 – Vulnerability Remediation for uniFLOW Universal Login Manager Standalone – 06 July 2026
A vulnerability has been identified in the uniFLOW Universal Login Manager (ULM) Standalone product (CVE-2026-1433) that could allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface (RUI). Exploitation requires administrative privileges and may result in the disclosure of configuration data associated with SMTP or LDAP integrations. Deployments connected to uniFLOW Server or uniFLOW Online are not affected.
Canon along with NT-ware takes security vulnerabilities seriously and recommends that customers using affected versions of uniFLOW ULM Standalone apply the available update. To maintain the security of uniFLOW ULM Standalone environments, an update is required for all affected installations.
Although we have not received any reports of active exploitation of this vulnerability, we strongly recommend reviewing the security advisory and implementing the recommended remediation measures at the earliest opportunity.
Details regarding the vulnerability, affected versions, and recommended mitigation and remediation steps can be found at:
Security Advisory: ULM Potential Information Disclosure
Canon would like to thank the following researcher for identifying the vulnerability:
• CVE-2026-1433: Sam Shepherd working with BAE Systems