CVE-2026-22565 PUBLISHED

Assigner: hackerone
Reserved: 07.01.2026 Published: 13.04.2026 Updated: 13.04.2026

An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. 

Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)  UniFi Play Audio Port (Version 1.0.24 and earlier) 

Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later  Update UniFi Play Audio Port to Version 1.1.9 or later

Product Status

Vendor	Ubiquiti Inc
Product	UniFi Play PowerAmp
Versions	Default: unaffected affected from 0 to 1.0.38 (excl.)

Vendor	Ubiquiti Inc
Product	UniFi Play Audio Port
Versions	Default: unaffected affected from 0 to 1.1.9 (excl.)

References

https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83

Problem Types

CWE-20 Improper Input Validation CWE