CVE-2026-22565
Received Received - Intake
Improper Input Validation in UniFi Play Causes Device Hang

Publication date: 2026-04-13

Last updated on: 2026-04-14

Assigner: HackerOne

Description
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
 Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier)
 UniFi Play Audio Port  (Version 1.0.24 and earlier)
 Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later
 Update UniFi Play Audio Port  to Version 1.1.9 or later
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22565
EUVD
EUVD-2026-22094
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ubiquiti unifi_play_poweramp to 1.0.38 (exc)
ubiquiti unifi_play_audio_port to 1.1.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Improper Input Validation issue that affects certain UniFi Play devices. A malicious actor who has access to the UniFi Play network could exploit this flaw to cause the affected device to stop responding.

Impact Analysis

If exploited, this vulnerability could cause the affected UniFi Play devices to become unresponsive, potentially disrupting their normal operation and any services relying on them.

Mitigation Strategies

To mitigate this vulnerability, update your affected devices to the fixed versions.

  • Update UniFi Play PowerAmp to Version 1.0.38 or later.
  • Update UniFi Play Audio Port to Version 1.1.9 or later.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22565. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart