Multiple Vulnerabilities Discovered in UniFi Play Devices
Severity: High (Score: 70.5)
Sources: nvd.nist.gov
Summary
On April 13, 2026, five critical vulnerabilities were published affecting UniFi Play devices, specifically the PowerAmp and Audio Port models. They are:
- CVE-2026-22562, a Path Traversal issue allowing remote code execution
- CVE-2026-22563, a series of Improper Input Validation vulnerabilities enabling command injection
- CVE-2026-22564 and CVE-2026-22566, both related to Improper Access Control that could permit unauthorized changes and credential exposure
- CVE-2026-22565, which could cause device unresponsiveness

Affected versions are 1.0.35 and earlier for PowerAmp and 1.0.24 and earlier for Audio Port. Users are urged to update to the latest firmware versions to mitigate these risks. The vulnerabilities pose significant risks to users with access to the UniFi Play network, potentially leading to unauthorized access and control over the devices. Patches are available, but the threat remains until updates are applied.

Key Points:
- Five critical CVEs affecting UniFi Play devices were published on April 13, 2026.
- Vulnerabilities include remote code execution and unauthorized access risks.
- Users must update to the latest firmware to mitigate these vulnerabilities.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-22562 (cve)
- CVE-2026-22563 (cve)
- CVE-2026-22564 (cve)
- CVE-2026-22565 (cve)
- CVE-2026-22566 (cve)
- T1021 - Remote Services (mitre_attack)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- UniFi Play Audio Port (platform)
- UniFi Play PowerAmp (platform)