CVE-2026-22564

EUVD-2026-22093
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
 

Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)

UniFi Play Audio Port  (Version 1.0.24 and earlier)
 

Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later

Update UniFi Play Audio Port  to Version 1.1.9 or later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83