CVE-2026-22562
published 2026-04-13CVE-2026-22562: A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system…
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.77%
51.1th percentile
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).
Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port to Version 1.1.9 or later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubiquiti_inc | unifi_play_audio_port | < 1.1.9 | 1.1.9 |
| ubiquiti_inc | unifi_play_poweramp | < 1.0.38 | 1.0.38 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-13
Published