CVE-2026-22564

Summary

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.


Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)


Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later

Affected Software

VendorProductVersion RangeStatus
Ubiquiti IncUniFi Play PowerAmp0 < 1.0.38affected
Ubiquiti IncUniFi Play Audio Port0 < 1.1.9affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control - Generic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References