CVE-2026-22564 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 13, 2026
UniFi Play - Broken Access Control
Overview
UniFi Play PowerAmp <= 1.0.35 and UniFi Play Audio Port <= 1.0.24 contain an improper access control vulnerability allowing malicious actors with network access to enable SSH and make unauthorized system changes, exploit requires network access.
Severity & Score
Impact
Malicious actors can enable SSH and make unauthorized changes to the system, potentially compromising device integrity.
Mitigation
Update UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later.
Social Media Activity(2 posts)
š“ CVE-2026-22564 - Critical (9.8) An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.āØ Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)āØ UniF... š https://www.thehackerwire.com/vulnerability/CVE-2026-22564/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-22564 - Critical (9.8) An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.āØ Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)āØ UniF... š https://www.thehackerwire.com/vulnerability/CVE-2026-22564/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-22564
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_access_control
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H