CVE-2026-22562
Path Traversal in UniFi Play Firmware Enables Remote Code Execution
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: HackerOne
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubiquiti | unifi_play_poweramp | to 1.0.38 (exc) |
| ubiquiti | unifi_play_audio_port | to 1.1.9 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Path Traversal flaw in the firmware of UniFi Play devices. A malicious actor who has access to the UniFi Play network can exploit this flaw to write files onto the system. These files could then be used to execute remote code on the device.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to remote code execution on affected UniFi Play devices. This means an attacker could potentially take control of the device, compromise its integrity, availability, and confidentiality, and use it as a foothold to further attack the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the affected UniFi devices to the fixed firmware versions.
- Update UniFi Play PowerAmp to Version 1.0.38 or later.
- Update UniFi Play Audio Port to Version 1.1.9 or later.