CVE-2026-22563

Summary

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.

Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)


Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Play PowerAmp0 < 1.0.38affected
Ubiquiti IncUniFi Play Audio Port0 < 1.1.9affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References