Cyber Posture

CVE-2026-22562

Severity: Critical
Published: 13 April 2026
Modified: 30 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0017 (38.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).

Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier).

Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

Prevent: Directly mitigates path traversal (CWE-22) by requiring validation of untrusted inputs to block traversal sequences that enable arbitrary file writes.

Prevent: Ensures timely identification, reporting, and correction of firmware flaws like this critical path traversal vulnerability via patching to version 1.0.38 or later.

Detect: Monitors for unauthorized changes to firmware and files, enabling detection of exploitation attempts that write arbitrary files for RCE.
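The first control above asks for validation of untrusted input before it reaches a file write. As an added example (not code from the advisory, from Ubiquiti, or from the affected firmware), the following C function shows one way a firmware component can enforce that: it resolves an untrusted relative path lexically under a fixed base directory, drops "." and empty components, and rejects absolute paths and any ".." component before the result is ever handed to open() or fopen(). The base directory, the function name safe_join and the error codes are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return codes for safe_join (names are illustrative, not from any Ubiquiti code). */
enum {
    PATH_OK = 0,
    PATH_ERR_EMPTY,      /* no usable component after normalisation */
    PATH_ERR_ABSOLUTE,   /* caller supplied an absolute path */
    PATH_ERR_TRAVERSAL,  /* a ".." component was present */
    PATH_ERR_TOOLONG     /* result would not fit in the output buffer */
};

#define MAX_COMPONENTS 64

/*
 * Lexically join an untrusted relative path onto a fixed base directory.
 * The path is split on '/', "." and empty components are dropped, and any
 * ".." component is rejected outright, so the result can never name a file
 * outside 'base' no matter how many traversal sequences the input carries.
 * 'base' is assumed to be an absolute directory without a trailing slash.
 * If the input arrived URL-encoded, decode it first and reject embedded NUL
 * bytes; this function sees plain bytes only.
 */
int safe_join(const char *base, const char *untrusted, char *out, size_t outsz)
{
    const char *comps[MAX_COMPONENTS];
    size_t lens[MAX_COMPONENTS];
    int n = 0;

    if (untrusted == NULL || *untrusted == '\0')
        return PATH_ERR_EMPTY;
    if (untrusted[0] == '/')
        return PATH_ERR_ABSOLUTE;

    for (const char *p = untrusted; *p != '\0'; ) {
        const char *start = p;
        while (*p != '\0' && *p != '/')
            p++;
        size_t len = (size_t)(p - start);
        if (*p == '/')
            p++;                                /* skip the separator */
        if (len == 0)
            continue;                           /* "//" or trailing "/" */
        if (len == 1 && start[0] == '.')
            continue;                           /* "." adds nothing */
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return PATH_ERR_TRAVERSAL;          /* never climb out of base */
        if (n == MAX_COMPONENTS)
            return PATH_ERR_TOOLONG;
        comps[n] = start;
        lens[n] = len;
        n++;
    }
    if (n == 0)
        return PATH_ERR_EMPTY;

    /* Assemble base + "/" + component for each kept component, bounds-checked. */
    size_t pos = strlen(base);
    if (pos + 1 > outsz)
        return PATH_ERR_TOOLONG;
    memcpy(out, base, pos);
    for (int i = 0; i < n; i++) {
        if (pos + 1 + lens[i] + 1 > outsz)      /* '/' + component + NUL */
            return PATH_ERR_TOOLONG;
        out[pos++] = '/';
        memcpy(out + pos, comps[i], lens[i]);
        pos += lens[i];
    }
    out[pos] = '\0';
    return PATH_OK;
}

/* Stand-alone demonstration over constructed inputs (not real device traffic). */
int main(void)
{
    const char *inputs[] = { "cover.jpg", "a/./b//c.txt", "../../outside.txt", "/abs/path" };
    char buf[256];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = safe_join("/data/uploads", inputs[i], buf, sizeof buf);
        printf("%-20s -> %s\n", inputs[i], rc == PATH_OK ? buf : "rejected");
    }
    return 0;
}
```

A lexical check like this is necessary but not sufficient on its own: it cannot see symbolic links that already exist under the base directory, so the write itself should also be done with openat() relative to a directory descriptor and O_NOFOLLOW (or the final path re-checked with realpath() once it exists). Pairing the input validation with the file-integrity monitoring named in the detect control above covers the case where a bypass slips through.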

Security Summary [AI-generated]

CVE-2026-22562 is a Path Traversal vulnerability (CWE-22) in the device firmware of UniFi Play products, assigned a critical CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It affects UniFi Play PowerAmp running version 1.0.35 and earlier, as well as UniFi Play Audio Port running version 1.0.24 and earlier. The vulnerability enables a malicious actor to write arbitrary files on the affected system, which could be leveraged to achieve remote code execution (RCE).

An attacker with access to the UniFi Play network can exploit this flaw remotely with low attack complexity, without requiring authentication, privileges, or user interaction. Exploitation allows file writes that pave the way for RCE, granting high-impact control over confidentiality, integrity, and availability of the device.

The Ubiquiti security advisory recommends updating UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later as the primary mitigation. Additional details are available in Security Advisory Bulletin 063 at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83.

Details

CWE(s): CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The path traversal vulnerability in network-accessible device firmware allows unauthenticated remote arbitrary file writes leading to RCE, which maps directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
