Ubiquiti UniFi Play: Code Injection Possible in Audio System
The high-end audio streaming solution Ubiquiti UniFi Play has a critical security vulnerability that allows attackers to execute malicious code.
(Image: heise medien / Ubiquiti)
In UniFi Play networks with Ubiquiti UniFi high-end audio devices, attackers can exploit a security vulnerability to inject and execute malicious code. Updated firmware is available to fix the vulnerability.
Ubiquiti's security advisory, dated last week, lists five vulnerabilities in total; the corresponding CVE entries, however, were only published on Tuesday night. The three rated critical are the most serious. The first is a path traversal vulnerability in the firmware of UniFi Play PowerAmp and Audio Port, which attackers on the same network can exploit to write files to the system and thereby inject and execute malicious code (CVE-2026-22562, CVSS 9.8, Risk “critical”). The second is insufficient input validation that lets attackers with access to the UniFi Play network inject commands (CVE-2026-22563, CVSS 9.8, Risk “critical”).
Ubiquiti UniFi Play: Further Security Vulnerabilities
The third critical vulnerability stems from insufficient access controls and allows malicious actors with access to the UniFi Play network to force SSH access and make unauthorized changes to the system (CVE-2026-22564, CVSS 9.8, Risk “critical”). Insufficient input validation also lets attackers render devices unresponsive (CVE-2026-22565, CVSS 7.5, Risk “high”). And because of inadequate access controls, malicious actors with access to the UniFi Play network can obtain Wi-Fi credentials (CVE-2026-22566, CVSS 7.5, Risk “high”).
The vulnerabilities affect UniFi Play PowerAmp firmware up to and including 1.0.35 and UniFi Play Audio Port firmware up to and including 1.0.24. Updating to UniFi Play PowerAmp version 1.0.38 or UniFi Play Audio Port version 1.1.9, or newer, corrects the underlying errors. Since all five issues require access to the UniFi Play network, restricting who can reach that network segment reduces exposure until every device has been updated.
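As an added example (not Ubiquiti code and not part of the original article), the following Python script flags devices in an inventory that still run firmware older than the fixed releases named above. The model names and the inventory format are assumptions; the version thresholds are the ones reported in the article.

```python
# Added example, not Ubiquiti code: flag UniFi Play devices still running
# firmware affected by CVE-2026-22562 through CVE-2026-22566, based on the
# fixed versions named in the article. Model names and the inventory record
# format are assumptions made for this example.
from typing import Iterable

# First fixed firmware per model, as reported in the advisory coverage.
FIXED_VERSIONS = {
    "UniFi Play PowerAmp": "1.0.38",
    "UniFi Play Audio Port": "1.1.9",
}


def parse_version(v: str) -> tuple:
    """Turn '1.0.35' into (1, 0, 35) so comparison is numeric, not lexical
    (as strings, '1.0.9' sorts after '1.0.38', which would hide a
    vulnerable PowerAmp)."""
    return tuple(int(part) for part in v.strip().split("."))


def is_vulnerable(model: str, version: str) -> bool:
    """True if the firmware is older than the first fixed release."""
    fixed = FIXED_VERSIONS.get(model)
    if fixed is None:
        raise ValueError(f"no fix data for model {model!r}")
    return parse_version(version) < parse_version(fixed)


def audit(inventory: Iterable[dict]) -> list:
    """Return (name, model, version) for every device that needs the update."""
    return [
        (d["name"], d["model"], d["version"])
        for d in inventory
        if d["model"] in FIXED_VERSIONS and is_vulnerable(d["model"], d["version"])
    ]


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    {"name": "amp-lobby", "model": "UniFi Play PowerAmp", "version": "1.0.35"},
    {"name": "amp-hall", "model": "UniFi Play PowerAmp", "version": "1.0.38"},
    {"name": "port-bar", "model": "UniFi Play Audio Port", "version": "1.0.24"},
    {"name": "port-office", "model": "UniFi Play Audio Port", "version": "1.1.9"},
    {"name": "amp-old", "model": "UniFi Play PowerAmp", "version": "1.0.9"},
]

if __name__ == "__main__":
    for name, model, version in audit(SAMPLE_INVENTORY):
        print(f"{name}: {model} {version} is affected, update required")
```

Feed it the model and firmware version of each UniFi Play device from your own inventory; the numeric tuple comparison is the point, since a plain string comparison misorders versions such as 1.0.9 and 1.0.38.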
In mid-March, a security vulnerability in Ubiquiti's UniFi Network Application became known. Attackers could gain unauthorized access through it.
(dmk)