Improper Input Validation in UniFi Play Products by Ubiquiti
CVE-2026-22565

7.5HIGH

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Play Poweramp; Unifi Play Audio Port
Vendor: CVE Published:; 13 April 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2026-22565?

An improper input validation vulnerability exists in Ubiquiti's UniFi Play devices, potentially allowing a malicious actor on the UniFi Play network to disrupt device functionality. This leads to the affected devices becoming unresponsive, which can severely impact user operations. To mitigate this risk, users are advised to update the UniFi Play PowerAmp to Version 1.0.38 or later and the UniFi Play Audio Port to Version 1.1.9 or later.

Affected Version(s)

UniFi Play Audio Port 0 < 1.1.9

UniFi Play PowerAmp 0 < 1.0.38

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22565 Data

JSON