Improper Access Control Vulnerability in UniFi Play Products by Ubiquiti
CVE-2026-22564

9.8CRITICAL

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Play Poweramp; Unifi Play Audio Port
Vendor: CVE Published:; 13 April 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2026-22564?

An Improper Access Control vulnerability exists in Ubiquiti's UniFi Play products, allowing unauthorized users with network access to enable SSH and make unapproved modifications to the system configurations. This breach can potentially compromise the security measures in place, resulting in elevated privileges for malicious actors. Affected users are strongly advised to update their UniFi Play PowerAmp to Version 1.0.38 or later and UniFi Play Audio Port to Version 1.1.9 or later to mitigate the risk.

Affected Version(s)

UniFi Play Audio Port 0 < 1.1.9

UniFi Play PowerAmp 0 < 1.0.38

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22564 Data

JSON