CVE-2026-22563

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.1%

EPSS Percentile

24th

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)  UniFi Play Audio Port (Version 1.0.24 and earlier)  Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later  Update UniFi Play Audio Port to Version 1.1.9 or later

CWE	CWE-20
Vendor	ubiquiti inc
Product	unifi play poweramp
Published	Apr 13, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for ubiquiti inc unifi play poweramp

Be the first to know when new critical vulnerabilities affecting ubiquiti inc unifi play poweramp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Ubiquiti Inc / UniFi Play PowerAmp

0 < 1.0.38

Ubiquiti Inc / UniFi Play Audio Port

0 < 1.1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.ui.com: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83