PT-2026-32533 · Ubiquiti · Unifi Play Poweramp+1

Published

2026-04-13

Updated

2026-05-10

CVE-2026-22562

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UniFi Play PowerAmp versions prior to 1.0.38 UniFi Play Audio Port versions prior to 1.1.9

Description A path traversal issue in the device firmware allows a malicious actor with network access to write files to the system. This can be leveraged to achieve remote code execution (RCE), which is the ability to execute arbitrary commands on a remote machine.

Recommendations Update UniFi Play PowerAmp to version 1.0.38 or later. Update UniFi Play Audio Port to version 1.1.9 or later.

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-22562

Affected Products

Unifi Play Audio Port

Unifi Play Poweramp

PT-2026-32533 · Ubiquiti · Unifi Play Poweramp+1

CVE-2026-22562

Weakness Enumeration

Related Identifiers

Affected Products

References · 8