Security Advisory

CVE-2026-22562

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-13 21:28:11

Last updated 2026-04-14 13:14:19

Assigner hackerone

State PUBLISHED

Description

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier) UniFi Play Audio Port (Version 1.0.24 and earlier)  Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later Update UniFi Play Audio Port to Version 1.1.9 or later

← Browse all CVEs View on cve.org ↗