CVE-2026-22565
Received
Received - Intake
Improper Input Validation in UniFi Play Causes Device Hang
Publication date: 2026-04-13
Last updated on: 2026-04-14
Assigner: HackerOne
Description
Description
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation:
Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port to Version 1.1.9 or later
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ubiquiti | unifi_play_poweramp | to 1.0.38 (exc) |
| ubiquiti | unifi_play_audio_port | to 1.1.9 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Input Validation issue that affects certain UniFi Play devices. A malicious actor who has access to the UniFi Play network could exploit this flaw to cause the affected device to stop responding.
How can this vulnerability impact me? :
If exploited, this vulnerability could cause the affected UniFi Play devices to become unresponsive, potentially disrupting their normal operation and any services relying on them.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your affected devices to the fixed versions.
- Update UniFi Play PowerAmp to Version 1.0.38 or later.
- Update UniFi Play Audio Port to Version 1.1.9 or later.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70