Description
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).

Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port  (Version 1.0.24 and earlier)

Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port  to Version 1.1.9 or later
Published: 2026-04-13
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

A path traversal flaw in the firmware of Ubiquiti UniFi Play devices lets an attacker with network access write arbitrary files to the filesystem, which can be used to execute arbitrary code. The vulnerability is a classic example of a directory traversal weakness leading to remote code execution.

Affected Systems

Affected are UniFi Play PowerAmp firmware versions 1.0.35 and earlier, and UniFi Play Audio Port firmware versions 1.0.24 and earlier. The flaw is present only in the firmware of these two devices and is fixed in later releases.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8, indicating critical severity. No EPSS score is available and it has not been listed in the CISA KEV catalog, though it still represents a high risk if exploited. The likely attack vector is a local or remote attacker who can reach the UniFi Play device over the network. Exploitation requires simply accessing the vulnerable firmware endpoint, after which the attacker can write malicious files that the device will execute.

Generated by OpenCVE AI on April 13, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply firmware updates on all UniFi Play PowerAmp devices to version 1.0.38 or later
  • Apply firmware updates on all UniFi Play Audio Port devices to version 1.1.9 or later

Generated by OpenCVE AI on April 13, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Vulnerability Allowing Remote File Write on Ubiquiti UniFi Play Devices

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Play Audio Port
Ubiquiti unifi Play Poweramp
Vendors & Products Ubiquiti
Ubiquiti unifi Play Audio Port
Ubiquiti unifi Play Poweramp

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port  to Version 1.1.9 or later
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ubiquiti Unifi Play Audio Port Unifi Play Poweramp
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-04-14T13:14:19.709Z

Reserved: 2026-01-07T15:39:03.440Z

Link: CVE-2026-22562

cve-icon Vulnrichment

Updated: 2026-04-14T13:09:33.059Z

cve-icon NVD

Status : Received

Published: 2026-04-13T22:16:27.870

Modified: 2026-04-13T22:16:27.870

Link: CVE-2026-22562

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:33:02Z

Weaknesses