Skip to main content

Ubiquiti CVE-2026-22563

| EUVDEUVD-2026-22092 CRITICAL
Improper Input Validation (CWE-20)
2026-04-13 hackerone GHSA-6rpc-86fm-9prv
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

9
Patch released
Apr 30, 2026 - 16:14 nvd
Patch available
Re-analysis Queued
Apr 17, 2026 - 15:37 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:44 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.1.9,1.0.38
Analysis Generated
Apr 15, 2026 - 12:37 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 21:45 euvd
EUVD-2026-22092
Analysis Generated
Apr 13, 2026 - 21:45 vuln.today
CVE Published
Apr 13, 2026 - 21:28 nvd
CRITICAL 9.8

DescriptionCVE.org

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.

Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port  (Version 1.0.24 and earlier)

Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port  to Version 1.1.9 or later

AnalysisAI

Critical command injection in Ubiquiti UniFi Play PowerAmp and Audio Port allows remote unauthenticated attackers to execute arbitrary commands with network access to the device management interface. Affects PowerAmp versions ≤1.0.35 and Audio Port versions ≤1.0.24. CVSS 9.8 critical severity reflects network-accessible attack with no authentication barriers. EPSS score of 0.08% (24th percentile) suggests low immediate exploitation probability despite critical scoring. Vendor-released patches av

Technical ContextAI

The vulnerability stems from improper input validation (CWE-20) in UniFi Play network audio devices, specifically the PowerAmp and Audio Port products manufactured by Ubiquiti. These are networked audio management devices designed for commercial audio distribution systems. The input validation failures allow attackers to inject operating system commands through network-accessible interfaces. Command injection vulnerabilities typically arise when user-supplied data is passed to system shells without proper sanitization, allowing metacharacters (like semicolons, pipes, or backticks) to break out of intended command contexts and execute arbitrary code. The affected CPE identifiers (cpe:2.3:a:ubiquiti_inc:unifi_play_poweramp and cpe:2.3:a:ubiquiti_inc:unifi_play_audio_port) indicate these are application-level vulnerabilities in Ubiquiti's firmware. The CVSS vector AV:N indicates these devices expose vulnerable interfaces over the network, likely through web management consoles or API endpoints common in IoT audio equipment.

RemediationAI

Organizations should immediately upgrade affected devices to patched firmware versions. Vendor-released patch: upgrade UniFi Play PowerAmp to version 1.0.38 or later, and upgrade UniFi Play Audio Port to version 1.1.9 or later. Firmware updates should be obtained from Ubiquiti's official community portal at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83. As interim risk mitigation if immediate patching is not feasible, restrict network access to UniFi Play device management interfaces using firewall rules or VLANs, ensuring only trusted administrative networks can reach these devices. Disable remote management features if not operationally required. Implement network monitoring to detect unusual command execution or outbound connections from these devices. Given the PR:N attack vector, no authentication-based controls will prevent exploitation, making patching the only complete remediation.

CVE-2026-34910 CRITICAL POC
10.0 May 22

Unauthenticated command injection in Ubiquiti UniFi OS devices allows remote attackers with network access to execute ar

CVE-2026-34909 CRITICAL POC
10.0 May 22

Path traversal in Ubiquiti UniFi OS devices allows network-adjacent attackers to read sensitive files from the underlyin

CVE-2026-34908 CRITICAL POC
10.0 May 22

Unauthorized system modification on Ubiquiti UniFi OS devices allows network-adjacent attackers to alter device configur

CVE-2013-1606 HIGH POC
7.5 Jul 18

Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allow

CVE-2026-22557 CRITICAL POC
10.0 Mar 19

A critical path traversal vulnerability exists in the UniFi Network Application that allows unauthenticated remote attac

CVE-2023-1458 CRITICAL POC
9.8 Mar 25

A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Rated critical severi

CVE-2023-24104 CRITICAL POC
9.8 Feb 23

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Ra

CVE-2016-7792 HIGH POC
8.8 Jan 23

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the data

CVE-2023-23912 HIGH POC
8.8 Feb 09

A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.5

CVE-2023-2375 HIGH POC
7.3 Apr 28

A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulne

CVE-2023-2374 HIGH POC
7.3 Apr 28

A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this

CVE-2023-2378 HIGH POC
7.3 Apr 28

A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability

Share

CVE-2026-22563 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy