CVE-2026-22562 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 13, 2026
UniFi Play - Path Traversal & Remote Code Execution
Overview
UniFi Play PowerAmp <= 1.0.35 and UniFi Play Audio Port <= 1.0.24 contain a path traversal vulnerability in device firmware, letting attackers with network access write files and potentially achieve remote code execution.
Severity & Score
Impact
Attackers with network access can write files and potentially execute code remotely, leading to full system compromise.
Mitigation
Update UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later.
Social Media Activity(2 posts)
š“ CVE-2026-22562 - Critical (9.8) A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play Po... š https://www.thehackerwire.com/vulnerability/CVE-2026-22562/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-22562 - Critical (9.8) A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE). Affected Products: UniFi Play Po... š https://www.thehackerwire.com/vulnerability/CVE-2026-22562/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-22562
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- path_traversal
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H