Description
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.


Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)

UniFi Play Audio Port  (Version 1.0.24 and earlier)


Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later

Update UniFi Play Audio Port  to Version 1.1.9 or later
Published: 2026-04-13
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an improper access control flaw that lets an attacker with access to the UniFi Play network enable SSH, allowing unauthorized changes to the system. This flaw is classified as CWE‑284. The impact is that a compromised device can execute arbitrary commands, leading to full system compromise.

Affected Systems

Vendor: Ubiquiti Inc. Products affected are UniFi Play PowerAmp versions 1.0.35 and earlier, and UniFi Play Audio Port versions 1.0.24 and earlier. These devices run legacy firmware releases prior to the publicly released patches.

Risk and Exploitability

The CVSS base score of 9.8 marks it as critical. The flaw can be exploited by any user with network access to a UniFi Play device, without special authentication. Because EPSS data is not available and the vulnerability is not in the KEV catalog, the primary indicator of risk is the high base score and the ease of lateral network access within a local area network. Immediate patching is strongly recommended to eliminate the elevated risk of remote code execution.

Generated by OpenCVE AI on April 13, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update UniFi Play PowerAmp to version 1.0.38 or later.
  • Update UniFi Play Audio Port to version 1.1.9 or later.
  • If a patch cannot be applied immediately, isolate the device from the broader network or restrict SSH access to trusted hosts.

Generated by OpenCVE AI on April 13, 2026 at 22:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Unauthorized SSH Access via Improper Access Control on UniFi Play Devices

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Ubiquiti
Ubiquiti unifi Play Audio Port
Ubiquiti unifi Play Poweramp
Vendors & Products Ubiquiti
Ubiquiti unifi Play Audio Port
Ubiquiti unifi Play Poweramp

Tue, 14 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ubiquiti Unifi Play Audio Port Unifi Play Poweramp
cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-04-14T13:14:19.961Z

Reserved: 2026-01-07T15:39:03.440Z

Link: CVE-2026-22564

cve-icon Vulnrichment

Updated: 2026-04-14T13:09:37.225Z

cve-icon NVD

Status : Received

Published: 2026-04-13T22:16:28.187

Modified: 2026-04-13T22:16:28.187

Link: CVE-2026-22564

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:33:05Z

Weaknesses