CVE-2026-22562

Summary

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).

Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port  to Version 1.1.9 or later

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Play PowerAmp0 < 1.0.38affected
Ubiquiti IncUniFi Play Audio Port0 < 1.1.9affected

Weaknesses

  • CWE-22: CWE-22 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References