Cyber Resilience

CVE-2026-22562

Critical

Published: 13 April 2026

Modified: 30 April 2026
KEV Added: not listed
Patch: available
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0077 (51.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-22562 is a critical-severity Path Traversal (CWE-22) vulnerability in Ui products (vendor inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.0% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22562 is a Path Traversal vulnerability (CWE-22) in the device firmware of UniFi Play products, assigned a critical CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It affects UniFi Play PowerAmp running version 1.0.35 and earlier, as well as UniFi Play Audio Port running version 1.0.24 and earlier. The vulnerability enables a malicious actor to write arbitrary files on the affected system, which could be leveraged to achieve remote code execution (RCE).

An attacker with access to the UniFi Play network can exploit this flaw remotely with low attack complexity, without requiring authentication, privileges, or user interaction. Exploitation allows file writes that pave the way for RCE, granting high-impact control over confidentiality, integrity, and availability of the device.

The Ubiquiti security advisory recommends updating UniFi Play PowerAmp to version 1.0.38 or later and UniFi Play Audio Port to version 1.1.9 or later as the primary mitigation. Additional details are available in Security Advisory Bulletin 063 at https://community.ui.com/releases/Security-Advisory-Bulletin-063/e468dd4b-5090-4ef8-89d8-939903c08e83.


Vulnerability details

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).

Affected Products:
- UniFi Play PowerAmp (Version 1.0.35 and earlier)
- UniFi Play Audio Port (Version 1.0.24 and earlier)

Mitigation:
- Update UniFi Play PowerAmp to Version 1.0.38 or later
- Update UniFi Play Audio Port to Version 1.1.9 or later


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A path traversal vulnerability in network-accessible device firmware allows unauthenticated remote arbitrary file writes leading to RCE, which maps directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-2505 (shared CWE-22)
- CVE-2026-5841 (shared CWE-22)
- CVE-2026-33242 (shared CWE-22)
- CVE-2026-33292 (shared CWE-22)
- CVE-2026-35605 (shared CWE-22)
- CVE-2025-53632 (shared CWE-22)
- CVE-2025-8110 (shared CWE-22)
- CVE-2026-8757 (shared CWE-22)
- CVE-2025-7712 (shared CWE-22)
- CVE-2026-31817 (shared CWE-22)

Affected Assets

Ui (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 Information Input Validation (prevent)
Directly mitigates path traversal (CWE-22) by requiring validation of untrusted inputs to block traversal sequences that enable arbitrary file writes.

SI-2 Flaw Remediation (prevent)
Ensures timely identification, reporting, and correction of firmware flaws like this critical path traversal vulnerability via patching to version 1.0.38 or later.

(detect)
Monitors for unauthorized changes to firmware and files, enabling detection of exploitation attempts that write arbitrary files for RCE.
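The SI-10 control above describes validating untrusted file names before they reach a write path. The following C routine is an added illustration of that check for a firmware-style file handler; it is hypothetical code, not Ubiquiti's firmware, and the function names and the base directory are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical input-validation routine (added illustration, not Ubiquiti
 * firmware code). A file name received over the network is accepted only if
 * it is a plain relative path: no leading '/', no empty segments, and no "."
 * or ".." components. Run it on the *decoded* name, after any URL or
 * multipart decoding, so encoded forms such as "%2e%2e" cannot slip through. */
bool safe_relative_path(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;

    const char *p = name;
    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0)                                   /* "a//b" or trailing '/' */
            return false;
        if (len == 1 && p[0] == '.')                    /* "." */
            return false;
        if (len == 2 && p[0] == '.' && p[1] == '.')     /* ".." */
            return false;
        for (size_t i = 0; i < len; i++)                /* control chars, backslash */
            if ((unsigned char)p[i] < 0x20 || p[i] == '\\')
                return false;

        if (end == NULL)
            return true;
        p = end + 1;
    }
}

/* Join the validated name under a fixed base directory. Returns the length of
 * the resulting path, or -1 if the name is rejected or the buffer is too small,
 * so the caller never opens a path built from an unvalidated name. */
int build_write_path(const char *base, const char *name, char *out, size_t outlen)
{
    if (!safe_relative_path(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}
```

Pair this with a file-integrity monitor on the firmware partition (the detect control above) so that a write that bypasses validation is still noticed.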
