CVE-2026-22566 PUBLISHED

Assigner: hackerone
Reserved: 07.01.2026 Published: 13.04.2026 Updated: 14.04.2026

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.


Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)


Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 7.5

Product Status

Vendor Ubiquiti Inc
Product UniFi Play PowerAmp
Versions Default: unaffected
  • affected from 0 to 1.0.38 (excl.)
Vendor Ubiquiti Inc
Product UniFi Play Audio Port
Versions Default: unaffected
  • affected from 0 to 1.1.9 (excl.)

References

Problem Types

  • CWE-284 Improper Access Control - Generic CWE