Improper Access Control in UniFi Play Products by Ubiquiti
CVE-2026-22566

7.5HIGH

Key Information:

Vendor: Ubiquiti Inc
Status: Unifi Play Poweramp; Unifi Play Audio Port
Vendor: CVE Published:; 13 April 2026

🔔 Create Ubiquiti Inc Vulnerability Alert

What is CVE-2026-22566?

An improper access control vulnerability exists in Ubiquiti's UniFi Play products, potentially allowing unauthorized actors to access sensitive WiFi credentials. This flaw affects both the UniFi Play PowerAmp (versions 1.0.35 and earlier) and UniFi Play Audio Port (versions 1.0.24 and earlier). Users are advised to update their products to the latest versions—1.0.38 for PowerAmp and 1.1.9 for Audio Port—to mitigate the risk and enhance security.

Affected Version(s)

UniFi Play Audio Port 0 < 1.1.9

UniFi Play PowerAmp 0 < 1.0.38

References

https://community.ui.com/releases/Security-Advisory-Bulle...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Jan 7, 2026

CVE-2026-22566 Data

JSON