ThreatCluster

Multiple Vulnerabilities Discovered in UniFi Play Devices

First seen 14 Apr 2026, 16:31 UTC nvd.nist.gov 94% similarity 71

Article Content

Browse articles
ThreatCluster

On April 13, 2026, five critical vulnerabilities were published affecting UniFi Play devices, specifically the PowerAmp and Audio Port models. These vulnerabilities include CVE-2026-22562, a Path Traversal issue allowing remote code execution; CVE-2026-22563, a series of Improper Input Validation vulnerabilities enabling command injection; CVE-2026-22564 and CVE-2026-22566, both related to Improper Access Control that could permit unauthorized changes and credential exposure; and CVE-2026-22565, which could cause device unresponsiveness. All affected versions are 1.0.35 and earlier for PowerAmp and 1.0.24 and earlier for Audio Port. Users are urged to update to the latest firmware versions to mitigate these risks. The vulnerabilities pose significant risks to users with access to the UniFi Play network, potentially leading to unauthorized access and control over the devices. Current status indicates that patches are available, but the threat remains until updates are applied.

Key Points: • Five critical CVEs affecting UniFi Play devices were published on April 13, 2026. • Vulnerabilities include remote code execution and unauthorized access risks. • Users must update to the latest firmware to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2026-04-13
CVE-2026-22562 published
2026-04-13
CVE-2026-22563 published
2026-04-13
CVE-2026-22564 published
2026-04-13
CVE-2026-22565 published
2026-04-13
CVE-2026-22566 published
2026-04-14
Patches released for affected UniFi Play devices

Community

Browse all →