Description
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.


Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)

UniFi Play Audio Port (Version 1.0.24 and earlier)


Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later

Update UniFi Play Audio Port to Version 1.1.9 or later

Published: 2026-04-13
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

An improper input validation flaw in Ubiquiti UniFi Play devices allows an attacker with access to the UniFi Play network to send specially crafted data that causes the device to stop responding, resulting in a loss of service and interruption of normal operation. The weakness is identified as input validation failure (CWE-20).

Affected Systems

Affected products are Ubiquiti UniFi Play PowerAmp versions 1.0.35 and earlier, and Ubiquiti UniFi Play Audio Port versions 1.0.24 and earlier.

Risk and Exploitability

The vulnerability can be exploited by anyone who can communicate with the device over the local UniFi Play network. Once triggered, the device experiences a disruption of service, but no compromise of data or credentials is expected. Severity is moderate, with a denial-of-service impact. Exploit probability is unknown due to the lack of an EPSS score, and the flaw is not listed in the CISA KEV catalog. The likely attack vector is local network access within the UniFi Play environment, inferred from the requirement that the attacker have network access to the device.

Generated by OpenCVE AI on April 13, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update UniFi Play PowerAmp to version 1.0.38 or later
  • Update UniFi Play Audio Port to version 1.1.9 or later

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 21:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Improper Input Validation Leads to Denial of Service in Ubiquiti UniFi Play Devices

Tue, 14 Apr 2026 16:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Ubiquiti
  Ubiquiti unifi Play Audio Port
  Ubiquiti unifi Play Poweramp

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Ubiquiti
  Ubiquiti unifi Play Audio Port
  Ubiquiti unifi Play Poweramp

Mon, 13 Apr 2026 21:45:00 +0000

Type: Description
Values Removed: (none)
Values Added:
  An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
  Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
  UniFi Play Audio Port (Version 1.0.24 and earlier)
  Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
  Update UniFi Play Audio Port to Version 1.1.9 or later

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-20

Type: References

MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2026-04-14T20:18:31.138Z

Reserved: 2026-01-07T15:39:03.441Z

Link: CVE-2026-22565

Vulnrichment

Updated: 2026-04-14T20:18:12.632Z

NVD

Status: Received

Published: 2026-04-13T22:16:28.313

Modified: 2026-04-14T21:16:24.790

Link: CVE-2026-22565

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:33:04Z

Weaknesses