CVE-2026-22564

CRITICAL 9.8

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

3th

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.  Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)  UniFi Play Audio Port (Version 1.0.24 and earlier)  Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later  Update UniFi Play Audio Port to Version 1.1.9 or later

CWE	CWE-284
Vendor	ubiquiti inc
Product	unifi play poweramp
Published	Apr 13, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for ubiquiti inc unifi play poweramp

Be the first to know when new critical vulnerabilities affecting ubiquiti inc unifi play poweramp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Ubiquiti Inc / UniFi Play PowerAmp

0 < 1.0.38

Ubiquiti Inc / UniFi Play Audio Port

0 < 1.1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.ui.com: https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83