CVE-2026-22563

CRITICAL

Ubiquiti INC UniFi Play PowerAmp < 1.0.38 - Command Injection

Title source: rule
STIX 2.1

Description

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later

References (1)

Scores

CVSS v3 9.8
EPSS 0.0010
EPSS Percentile 28.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-20
Status published
Products (2)
Ubiquiti Inc/UniFi Play Audio Port < 1.1.9
Ubiquiti Inc/UniFi Play PowerAmp < 1.0.38
Published Apr 13, 2026
Tracked Since Apr 14, 2026